Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Analysis ID:	1532785
MD5:	647a2177841aebe2f1bb1b3767f41287
SHA1:	446575615e7fcc9c58fb04cad12909a183a2eb15
SHA256:	07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	49
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Checks if browser processes are running

Checks if the current machine is a virtual machine (disk enumeration)

Contain functionality to detect virtual machines

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to compare user and computer (likely to detect sandboxes)

Contains functionality to infect the boot sector

Creates an undocumented autostart registry key

Found direct / indirect Syscall (likely to bypass EDR)

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Writes many files with high entropy

AV process strings found (often used to terminate AV products)

Adds / modifies Windows certificates

Binary contains a suspicious time stamp

Changes image file execution options

Checks for available system drives (often done to infect USB drives)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to detect virtual machines (SLDT)

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Disables exception chain validation (SEHOP)

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables debug privileges

Enables driver privileges

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

OS version to string mapping found (often used in BOTs)

One or more processes crash

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Uses net.exe to stop services

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

query blbeacon for getting browser version

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe (PID: 6316 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe" MD5: 647A2177841AEBE2F1BB1B3767F41287)

SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp (PID: 6292 cmdline: "C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$402A0,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe" MD5: 2C94C19646786C4EE5283B02FD8CE5A5)

saBSI.exe (PID: 5924 cmdline: "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)

avg_antivirus_free_setup.exe (PID: 2160 cmdline: "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg MD5: 26816AF65F2A3F1C61FB44C682510C97)

avg_antivirus_free_online_setup.exe (PID: 5688 cmdline: "C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec MD5: 4DE05BCEF050AB8FA30941A9E3454645)

icarus.exe (PID: 6504 cmdline: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a MD5: B178E9C05511563BDF3A5097D9116197)

norton_secure_browser_setup.exe (PID: 5428 cmdline: "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)

NortonBrowserUpdateSetup.exe (PID: 6904 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)

NortonBrowserUpdate.exe (PID: 6212 cmdline: "C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

NortonBrowserUpdate.exe (PID: 1220 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

NortonBrowserUpdate.exe (PID: 5856 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

NortonBrowserUpdateComRegisterShell64.exe (PID: 5288 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe" MD5: 35BDDD897E9CF97CF4074A930F78E496)

NortonBrowserUpdateComRegisterShell64.exe (PID: 4088 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe" MD5: 35BDDD897E9CF97CF4074A930F78E496)

NortonBrowserUpdateComRegisterShell64.exe (PID: 3896 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe" MD5: 35BDDD897E9CF97CF4074A930F78E496)

CheatEngine75.exe (PID: 5808 cmdline: "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST MD5: E0F666FE4FF537FB8587CCD215E41E5F)

CheatEngine75.tmp (PID: 2504 cmdline: "C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp" /SL5="$90282,26511452,832512,C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST MD5: 9AA2ACD4C96F8BA03BB6C3EA806D806F)

net.exe (PID: 1704 cmdline: "net" stop BadlionAntic MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)

conhost.exe (PID: 4564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net1.exe (PID: 1068 cmdline: C:\Windows\system32\net1 stop BadlionAntic MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)

net.exe (PID: 3616 cmdline: "net" stop BadlionAnticheat MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)

conhost.exe (PID: 6016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net1.exe (PID: 928 cmdline: C:\Windows\system32\net1 stop BadlionAnticheat MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)

sc.exe (PID: 3396 cmdline: "sc" delete BadlionAntic MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 1016 cmdline: "sc" delete BadlionAnticheat MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

_setup64.tmp (PID: 6448 cmdline: helper 105 0x42C MD5: E4211D6D009757C078A9FAC7FF4F03D4)

conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

icacls.exe (PID: 6616 cmdline: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX) MD5: 48C87E3B3003A2413D6399EA77707F5D)

conhost.exe (PID: 6664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Kernelmoduleunloader.exe (PID: 7120 cmdline: "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP MD5: 9AF96706762298CF72DF2A74213494C9)

windowsrepair.exe (PID: 2668 cmdline: "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s MD5: 9A4D1B5154194EA0C42EFEBEB73F318F)

icacls.exe (PID: 1988 cmdline: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX) MD5: 48C87E3B3003A2413D6399EA77707F5D)

conhost.exe (PID: 5368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Cheat Engine.exe (PID: 2688 cmdline: "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe" MD5: F921416197C2AE407D53BA5712C3930A)

cheatengine-x86_64-SSE4-AVX2.exe (PID: 4852 cmdline: "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe" MD5: 910DE25BD63B5DA521FC0B598920C4EC)

WerFault.exe (PID: 4476 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 972 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 1720 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 1068 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6292 -ip 6292 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NortonBrowserUpdate.exe (PID: 3336 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

NortonBrowserUpdate.exe (PID: 5472 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

NortonBrowserUpdate.exe (PID: 6012 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

NortonBrowserUpdate.exe (PID: 5576 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)

msiexec.exe (PID: 6716 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\GUT98FF.tmp	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x1f88a8:$Dwork: D:\work 0x1fac58:$Dwork: D:\work 0x1faedc:$Dwork: D:\work 0x2019f8:$Dwork: D:\work 0x201ba0:$Dwork: D:\work 0x201d08:$Dwork: D:\work 0x201de0:$Dwork: D:\work 0x202040:$Dwork: D:\work 0x202160:$Dwork: D:\work 0x202280:$Dwork: D:\work 0x202330:$Dwork: D:\work 0x2db910:$Dwork: D:\work 0x2dba38:$Dwork: D:\work 0x2dbba0:$Dwork: D:\work 0x2dbd88:$Dwork: D:\work 0x2dbe78:$Dwork: D:\work 0x2dbff8:$Dwork: D:\work 0x2dc118:$Dwork: D:\work 0x2dc1c8:$Dwork: D:\work 0x4ed054:$Dwork: D:\work 0x4ed0b0:$Dwork: D:\work

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 3896	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x39da:$Dwork: D:\work 0x4cba:$Shell6: Shell6 0x4ced:$Shell6: Shell6

Sigma Signatures

System Summary

Sigma detected: Net.exe Execution

Source: Process started

Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "net" stop BadlionAntic, CommandLine: "net" stop BadlionAntic, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp" /SL5="$90282,26511452,832512,C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST, ParentImage: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp, ParentProcessId: 2504, ParentProcessName: CheatEngine75.tmp, ProcessCommandLine: "net" stop BadlionAntic, ProcessId: 1704, ProcessName: net.exe

Sigma detected: Stop Windows Service Via Net.EXE

Source: Process started

Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "net" stop BadlionAntic, CommandLine: "net" stop BadlionAntic, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp" /SL5="$90282,26511452,832512,C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST, ParentImage: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp, ParentProcessId: 2504, ParentProcessName: CheatEngine75.tmp, ProcessCommandLine: "net" stop BadlionAntic, ProcessId: 1704, ProcessName: net.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 1720, ProcessName: svchost.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

ReversingLabs: Detection: 39%

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002C14F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,	5_2_002C14F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002C17A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,	5_2_002C17A0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00275870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	5_2_00275870
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00276220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,	5_2_00276220
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AE610 CryptMsgClose,	5_2_002AE610
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002767B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,	5_2_002767B0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AEB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,	5_2_002AEB60
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AF150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,	5_2_002AF150
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AF3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,	5_2_002AF3C0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A5B0E0 CryptDestroyHash,CryptDestroyHash,	6_2_00A5B0E0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A582F0 CryptDestroyHash,	6_2_00A582F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A59250 CryptGenRandom,GetLastError,__CxxThrowException@8,	6_2_00A59250
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A59450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,	6_2_00A59450
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A58DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,	6_2_00A58DC0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A59020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,	6_2_00A59020
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A58260 CryptDestroyHash,	6_2_00A58260
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A59340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,	6_2_00A59340
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A594D0 CryptHashData,GetLastError,__CxxThrowException@8,	6_2_00A594D0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A58EF0 CryptReleaseContext,	6_2_00A58EF0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A72660 CryptReleaseContext,	6_2_00A72660
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B04617F LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,	7_2_6B04617F

Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_0d947b04-c

Compliance

Uses 32bit PE files

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Creates a directory in C:\Program Files

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Directory created: C:\Program Files\Norton\Browser\NortonBrowserUninstall.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-LB5OD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-MTART.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-0G0TM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-9T5NT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-K6MH5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-2RDUM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-QJSEK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3MBRG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4H3E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32\is-AOM6Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64\is-0BCA6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32\is-0OS4A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64\is-7TPL7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32\is-5JTH0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64\is-75A04.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-HME12.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3C6G0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-VBUE0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-24I47.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-298KH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-7Q5CB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-HRQ2J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4D2E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3KOLE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-Q7DRT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-RBU7H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-NPNPQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-RJ6EI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-MQ1KH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-S8B9H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-NBC6R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-70BUK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-IJQFS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-DBQ9C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-50KP0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4HAOD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-78OBP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-8G2RP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-Q6VO1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-5922L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib\is-S6F9T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-4J19G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-QKIFN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-8Q4O2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-8SLG2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-F0SFA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-OR7FQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-I5F7F.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-JMH80.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-JJBTV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-44CC1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-B5TJI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-OL6VE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-CLTQ6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-V5VS4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-JP1J3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-BR785.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-SUSSO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-70FRS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-2KOGR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-IOSNS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-SDMIC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-PLNB1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-4Q1BH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-O9Q8C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-9U0RQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-K8SDA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-HKILU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-6J8NC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-R00DR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-7NEAF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-GNGMP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-QJL6L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-B5EH7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-BR3E9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-N738R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-CIURU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-KJV2L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-04N8G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-9VBQS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-H4510.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-3C6IU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-I08CQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-Q7RFI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-U7L3I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-SM06P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-7HMJ2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-Q48TO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-7UOLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-S1JMU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-MR0MU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-EI6G4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-G03C8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-FDRG6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-OR2O6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-C3O5E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-BT11S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-43AJ9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\sys
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\sys\is-FLJQJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-K79GF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-D83K0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-TKIKU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-VK45T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-GC3NU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-VCH4D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-OJ9TU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-2FR5R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-GK3MK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\tcc
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\tcc\is-M6HOQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-2AHB0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-4KLA5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-R2FR8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-HCTR0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-NDQCS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-3D26K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-1NE8J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-VRBOM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-2DD8C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-C72J0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-S8QLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-MDU3L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-RVEM5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-426B0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-B7SCC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-LTHHK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-ME631.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-6MAEC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-I3SCB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3DASC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-5R3FO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-L3N0T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-TPR80.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-UP51K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-U75H1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-IRTAB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-L1763.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-AKV35.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-9FVFL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-PJLMD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-O5I1D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-1DA6M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-UHV8B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-IDTKR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-TT78L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-QONLV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-AVJBR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-CFLPE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-2D1UK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-DA6UQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-8TGUU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-GCVRT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-692Q1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-VKJIS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-2JPQC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-NUSO1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3265L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4F380.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-D42AS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-PIADI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-2GQ07.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-5AJNR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BKNH7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-V0207.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-ECJSG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-78908.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-L1524.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-6TLNO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-M1718.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-T0R2S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-SUR6B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-ONEVU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-FFQ95.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-2D45H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-A7KQL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-Q3C8H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\images
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\images\is-1DU32.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\images\is-3VEHV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BOTFQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-TSV58.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BH2HL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-UU2LT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-5NNAH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BQADR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-ANDBM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-CEL34.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-OA13J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-89VU3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-UTFRU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-K2KFB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-9KS7N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-C9ULO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-VGT14.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-8KNKB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-4FINL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-47GOH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-KFVE1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-R7BFR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-4RT86.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-LO9E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-H6F9C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-NK13K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-KJ922.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-JS32G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-MN8DU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-5RRLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\is-0OU20.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\xml
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\xml\is-GNT57.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs32
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs32\is-B30AF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs64
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs64\is-K8UEV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-Q14OP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-4PQA1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-QRS1L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-LGQU1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-OTCB4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\is-ALU8P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-2M6AB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-67UKC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-7TGHP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-NCBT5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-665F7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-LM17N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-SLVPH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-U836T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-1QHF1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-KRIHR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-HR134.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\is-O6V9Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-D49SI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-NO8GF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-R0Q39.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-DQKDK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-ARBUH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-S2D5C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-KGL2P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-BIDU2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-CG8FN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-GVCM9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-O36UB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-FUCAS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-MQPUR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3D3CV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-8FL6N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-AR37R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-SLQEM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-QCBN5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-CVS0N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-DMNCN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-DNPM0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-MSC6K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-UPK50.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-JUSL7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-UOIVF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-IN5H3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-HCP0C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-J7K13.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-OK39U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-1V0GB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-7MEJJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\is-AR9K4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-3PV83.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-2CS23.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-F97JC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-I3IM2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-DQ90M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-CFR84.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-3AB8G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-CRBIK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-DV6EG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-1DJ85.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-0JRFM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-LPLPI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-N3N08.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-PJPBU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-SBQPM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-M5LUL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-BN9ON.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-VAH19.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-N0IB9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-A3HPK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-HUJEK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-8NPPR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-CPNT7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-PAE68.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-D14CO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-D3TBF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-DEJS7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-JJD49.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-9JUHQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-OETFQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\unins000.msg
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\server.txt

Creates a software uninstall entry

Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine_is1

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3650560887.0000000000455000.00000002.00000001.01000000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2186074409.0000000000455000.00000002.00000001.01000000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp
Source:	Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3677455913.000000006F6F6000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3674626283.000000006AF6E000.00000002.00000001.01000000.00000016.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb@ source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdba source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateComRegisterShell64.exe, 0000002C.00000000.2448062254.00007FF757B3B000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateComRegisterShell64.exe, 0000002C.00000000.2448062254.00007FF757B3B000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 00000019.00000003.2277887899.0000000004272000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3675093800.000000006AFA3000.00000002.00000001.01000000.00000015.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3676772977.000000006B1F2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000002.3659933566.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2154058664.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_004028D5 FindFirstFileW,	7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_0040679D FindFirstFileW,FindClose,	7_2_0040679D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B1E7010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,	7_2_6B1E7010

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View	IP Address: 104.18.21.226 104.18.21.226
Source: Joe Sandbox View	IP Address: 34.160.176.28 34.160.176.28

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B1E91E0 lstrlenW,HttpQueryInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrlenW,CreateFileW,GetLastError,InternetReadFile,lstrcpynA,WriteFile,InternetReadFile,GetLastError,InternetQueryOptionW,InternetQueryOptionW,InternetQueryOptionW,wsprintfW,GetLastError,MultiByteToWideChar,GetLastError,wsprintfW,GlobalFree,CloseHandle,DeleteFileW,

7_2_6B1E91E0

Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s:%d;https=https://%s:%dContent-EncodingHTTP/1.0deflate:
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/cps.html0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/last.crl0G
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acedicom.edicomgroup.com/doc0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004920000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634613540.0000000004920000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004920000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634613540.0000000004920000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625213060.0000000004950000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3674119947.0000000004950000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0g
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/ocsp0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
Source: saBSI.exe, 00000005.00000002.2633360047.0000000005A5A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619864193.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.dig%u~
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2507326989.0000000005CCE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2633817380.0000000005ECE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrusted
Source: norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634932361.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624417763.0000000004835000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000812000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004800000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003526000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616203697.0000000003E6D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2633817380.0000000005ECE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crtK8
Source: norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crtu
Source: norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com:80/DigiCertTrustedRootG4.crt
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certificates.starfieldtech.com/repository/1604
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crt0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crl
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crt08
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxB6z
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxf/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cnx.conceptsheartranch.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.siths.se/sithsrootcav1.html0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2154751260.00000000034DD000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2179047230.00000000034DC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2163877224.00000000034DD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2793637519.000000000069A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2792971371.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3654316282.000000000069B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616203697.0000000003E6D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616803346.0000000003E6E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2260701530.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2208849459.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2392203457.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2444698056.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3056917127.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2418578206.00000000033FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.defence.gov.au/pki0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.oces.trust2408.com/oces.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.cz/crl/psrootqca4.crl02
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.eu/crl/psrootqca4.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004931000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl2.postsignum.cz/crl/psrootqca4.crl01
Source: norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/
Source: saBSI.exe, 00000005.00000002.2633360047.0000000005A5A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619864193.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssured1ub
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2507326989.0000000005CCE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2633817380.0000000005ECE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634932361.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624417763.0000000004835000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000812000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003526000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616203697.0000000003E6D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: NortonBrowserUpdate.exe, 0000001B.00000003.2317146367.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/Dig
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634932361.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624417763.0000000004835000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000812000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabR
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enk
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634258638.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634258638.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625409858.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3659933566.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2154058664.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: norton_secure_browser_setup.exe, 00000007.00000000.2175230031.000000000040A000.00000008.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634932361.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624417763.0000000004835000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000812000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.0000000004836000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2633817380.0000000005ECE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2507326989.0000000005CCE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2633817380.0000000005ECE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003526000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616203697.0000000003E6D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crtX
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.ncdc.gov.sa0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.gva.es0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.digidentity.eu/validatie0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.registradores.org/normativa/index.htm0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://push.ff.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.global
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://t2.symcb.com0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tl.symcd.com0&
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/K
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com/f
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/WTUI
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/wtu.
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org/doc0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ancert.com/cps0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/es/address-direccion.html
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0/
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625409858.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625409858.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class1.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625409858.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634258638.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.comsign.co.il/cps0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625409858.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624803221.000000000495C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.defence.gov.au/pki0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172284733.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2388502354.0000000006345000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673351433.0000000004837000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634811369.0000000004857000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634932361.0000000004836000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3622213505.000000000484C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3614619233.0000000004831000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624417763.0000000004835000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673671022.000000000485D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3649223682.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2260660424.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000812000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625499946.0000000004836000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625213060.0000000004950000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3674119947.0000000004950000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625213060.0000000004950000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3674119947.0000000004950000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca0f
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.0000000002376000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1764203264.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1771125880.0000000003500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007626000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dnie.es/dpc0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-me.lv/repository0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crl
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/SZSZ/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-trust.be/CPS/QNcerts
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ecee.gov.pt/dpc0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.eme.lv/repository0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2164152045.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2793637519.000000000069A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2792971371.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3654316282.000000000069B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/f
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com:80/collect
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513801066.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510490848.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mcafee.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oaticerts.com/repository.
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0%
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004931000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rcsc.lt/repository0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/cps/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/juur/crl/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004931000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623640986.000000000492D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ssc.lt/cps03
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/dpc0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/lcr0#
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
Source: norton_secure_browser_setup.exe, 00000007.00000002.3665145583.00000000027C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%HOST_PREFIX%installer.norton.securebrowser.com/policies/license/?l=%LOCALE%licenseAgreement
Source: norton_secure_browser_setup.exe, 00000007.00000002.3665145583.00000000027C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%HOST_PREFIX%installer.norton.securebrowser.com/policies/privacy/?l=%LOCALE%privacyPolicyLin
Source: norton_secure_browser_setup.exe, 00000007.00000002.3665145583.00000000027C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%HOST_PREFIX%installer.norton.securebrowser.com/uninstall-survey/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2234015051.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.2234015051.000000000085C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/details/avg-online-security
Source: saBSI.exe, 00000005.00000003.2179047230.00000000034DC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2163877224.00000000034DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.co
Source: saBSI.exe, 00000005.00000003.2163877224.00000000034DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/
Source: saBSI.exe, 00000005.00000003.2154751260.00000000034DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/7Z
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/I
Source: saBSI.exe, 00000005.00000003.2154751260.00000000034DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/io
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2163922755.00000000034B0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2153977418.00000000034B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordC
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordf
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordbq0pzMh1iysE9YiVlC14kJF9ZI
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordnn
Source: saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.comse
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2208849459.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2442862499.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2205386317.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2262252659.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3056917127.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3056552091.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2392203457.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2208230237.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3662328823.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3057434708.00000000033FF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3661206317.00000000033BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2418081564.00000000033BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3056917127.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3662328823.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3057434708.00000000033FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/f
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2208849459.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3056917127.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2208230237.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2262252659.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2205386317.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3662328823.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3057434708.00000000033FF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3658879355.0000000003397000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3056344556.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25136ac5
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3650560887.0000000000455000.00000002.00000001.01000000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2186074409.0000000000455000.00000002.00000001.01000000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp	String found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25Sent
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3658879355.0000000003358000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net:443/v4/receive/json/252/c686cdd74a82dffd852bfe5b739bd2022835b25941d39493
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.qa.apis.mcafee.com(
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: norton_secure_browser_setup.exe, 00000007.00000002.3665145583.00000000027C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn-%HOST_PREFIX%update.norton.securebrowser.com/installer/%VERSION%/norton-securebrowser%ED
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exe
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo?utm_s
Source: norton_secure_browser_setup.exe, 00000007.00000003.2224284471.0000000000856000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E27000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxargumentsshow-windowretriesdelaycmd.exe
Source: saBSI.exe, 00000005.00000003.2283648590.0000000003529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://confluence.int.mcafee.com/pages/viewpage.action?pageId=35264328
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3653319055.0000000000657000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2792971371.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000668000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2791974919.0000000000656000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3654316282.0000000000689000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3653319055.0000000000657000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000668000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2791974919.0000000000656000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3653319055.0000000000657000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0Cross-Origin-Resource-Policycross-originX
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.00000000023DD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1764203264.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1771125880.0000000003500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2964729312.0000000004C81000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002460000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2966232856.0000000004D59000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/AVG_AV/files/1319/avg.zip
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/AVG_AV/files/1319/avg.zipa
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/AVG_AV/images/1509/EN.png
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.00000000023DD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1764203264.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1771125880.0000000003500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2964729312.0000000004C81000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002460000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007560000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/CheatEngine/1032/CheatEngine75.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/CheatEngine/1032/CheatEngine75.exee
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002524000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipu
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png1
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.pngD
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038650259.0000000003848000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003899000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.00000000024E1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipR
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003899000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipca4
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2151142778.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipk
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038650259.0000000003848000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/images/943/EN.png
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.00000000023DD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1764203264.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1771125880.0000000003500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2964729312.0000000004C81000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2966232856.0000000004D9D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002460000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/o
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.00000000023DD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1764203264.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1771125880.0000000003500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2964729312.0000000004C81000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2966232856.0000000004D9D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002460000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.000000000258A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/zbd
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956243600.0000000000A34000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2407153826.0000000000A32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/zbd.tmp
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net/zbdJ
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1869158376.00000000037CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net:443/f/WebAdvisor/images/943/EN.pngI
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1869158376.00000000037CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net:443/zbd
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d34hwk9wxgk5fi.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://firefoxextension.avast.com/aos/update.json
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hns-legacy.sb.avast.com
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2260701530.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2392203457.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2444698056.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3056917127.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2418578206.00000000033FF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320520312.00000000033FF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2266245160.00000000033FF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3662328823.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3057434708.00000000033FF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2418081564.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2356616979.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3652601549.000000000063B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2791974919.0000000000638000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2164152045.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/70S
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2208849459.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2205386317.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2262252659.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2208230237.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzma
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/r
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2164152045.0000000000641000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000656000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3661206317.00000000033BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/3a9b/c34b/6b2c/3a9bc34b6b2c36180dca72e2d1c706269d1501ebd9b2c37e39e
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/525e/717a/0e3c/525e717a0e3ce0c1c92209926f5fe71e3764ac82eae6d4ad22a
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2418081564.00000000033BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/7dcb/3284/d637/7dcb3284d637fb01aca0aa743bab8ab85de550c34e1bd91be16
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/ba37/d394/2a9c/ba37d3942a9c593900b99a86c846013422428366dc42dc3bca9
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2418081564.00000000033BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/c686/cdd7/4a82/c686cdd74a82dffd852bfe5b739bd2022835b25941d394935b0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2418081564.00000000033BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/e27c/e913/9c20/e27ce9139c203b6fb8ea8b8d82d50edeb2466df76377db241ab
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2418081564.00000000033BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net/universe/ec6a/b4f0/e8de/ec6ab4f0e8de9de8a8c3073baba01c0bdc941f0b50742c666b1
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000668000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3658879355.0000000003358000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/universe/3a9b/c34b/6b2c/3a9bc34b6b2c36180dca72e2d1c706269d1501ebd9b2c37
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3658879355.0000000003358000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/universe/525e/717a/0e3c/525e717a0e3ce0c1c92209926f5fe71e3764ac82eae6d4a
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3658879355.0000000003358000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://honzik.avcdn.net:443/universe/e27c/e913/9c20/e27ce9139c203b6fb8ea8b8d82d50edeb2466df76377db2
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm.avcdn.net/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000000.1763606284.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000871000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2224284471.0000000000871000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000871000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3616374849.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000865000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2224284471.0000000000871000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: norton_secure_browser_setup.exe, 00000007.00000003.2227421964.0000000003E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://my.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0application/jsonFaile
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pair.ff.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rca.e-szigno.hu/ocsp0-
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reasonlabs.com/policies
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.tsp.zetes.com0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.756/updatefile.json
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.m
Source: saBSI.exe, 00000005.00000003.2179047230.00000000034DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/
Source: saBSI.exe	String found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2633319482.0000000005A52000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620008607.0000000005A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 00000005.00000003.2192425953.0000000003529000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xmll
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 00000005.00000003.2619864193.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 00000005.00000003.2619283321.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619527807.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2283702776.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000003.2179047230.00000000034DC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2163877224.00000000034DD000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPROCESSX
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonRS=2On
Source: saBSI.exe, 00000005.00000003.2619864193.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
Source: saBSI.exe, 00000005.00000003.2619283321.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619527807.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2283702776.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlnload.mcafee.com
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binaryR
Source: saBSI.exe, 00000005.00000003.2500290213.0000000005A5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2283702776.0000000005A5A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/965/
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/965/64/installer.exe-r
Source: saBSI.exe, 00000005.00000003.2500290213.0000000005A5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2283702776.0000000005A5A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml0
Source: saBSI.exe, 00000005.00000003.2619864193.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 00000005.00000003.2619283321.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619527807.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2283702776.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 00000005.00000003.2283648590.0000000003529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saLOCALA
Source: saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sag
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com:443/products/SA/v1/update/post_install.xmloRbq0pzMh1iysE9YiVlC14kJF9ZI
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sciter.com0/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.avcdn.net
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3658879355.0000000003376000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp	String found in binary or memory: https://shepherd.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2190814115.00000000033A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.avcdn.net//url
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: norton_secure_browser_setup.exe, 00000007.00000002.3662223600.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com/
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003DF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com/?_=1728855869019&retry_tracking_count=0&last_request_error_code=0&la
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com/X
Source: norton_secure_browser_setup.exe, 00000007.00000002.3662223600.000000000082C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com?_=1728855869019
Source: norton_secure_browser_setup.exe, 00000007.00000002.3665145583.00000000027C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.comnsSetFatalTrackingUrlnorton.installer.fataleventnsAddFatalTrackingPar
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stream-production.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://submit.sb.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.2208623143.0000000003DFE000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2211603225.0000000003E04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: norton_secure_browser_setup.exe, 00000007.00000003.2208623143.0000000003DFE000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2211603225.0000000003E04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns-legacy.sb.avast.comhttps
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.certicamara.com/marco-legal0Z
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webcompanion.com/privacy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webcompanion.com/terms
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webcompanion.com/terms7
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/license/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/privacy/
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ACTAS/789230
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ANFServerCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/address/)1(0&
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-products$
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/priv/U
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/privacy-policy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2153248293.0000000006A14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula/en-us/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.000000000387D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.000000000387A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eulat.net
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2967961343.0000000006A10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2153248293.0000000006A14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacy-us/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.000000000387D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.000000000387A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.000000000386E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/c
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacynet/r
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ccleaner.com/about/privacy-policy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreementK
Source: CheatEngine75.exe, 00000009.00000003.2369639447.0000000002291000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cheatengine.org/
Source: CheatEngine75.exe, 00000009.00000003.2369639447.0000000002291000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cheatengine.org/A
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007560000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cheatengine.org/privacy.htm
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2954431830.00000000009E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cheatengine.org/privacy.htmdpro
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2949591158.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2146313893.0000000006346000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2130514068.000000000386E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510652445.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2497747469.0000000005B48000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2511341257.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2498983600.0000000003530000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513343821.0000000005C61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2513705095.0000000003537000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2510906930.0000000003530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: norton_secure_browser_setup.exe, 00000007.00000003.2233841298.0000000000865000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000000.1769759551.0000000000401000.00000020.00000001.01000000.00000004.sdmp, CheatEngine75.exe, 00000009.00000003.2198323283.000000007FB30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003899000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html6ff069e7a9e9fd65ca
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html:
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlM
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zipLg
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/xe
Source: saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.hu/docs/
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.net/docs
Source: norton_secure_browser_setup.exe, 00000007.00000003.3616803346.0000000003E6E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000019.00000003.2277887899.0000000004272000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000001B.00000003.2317146367.0000000000D12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007511000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/lega
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2964729312.0000000004C81000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007536000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.00000000075A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/D
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/EC86D
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003899000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/EC86Dv
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007601000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/p
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007601000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/pr
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007559000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007580000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007536000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.00000000075EB000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002506000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.00000000075D6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.000000000252B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002460000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.00000000075A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/0TaMo
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003885000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/;
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003885000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/P
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003885000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/T
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/Y
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/eula/computers
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/eula/computersgcFM
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/privacy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AD2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000000.1769759551.0000000000401000.00000020.00000001.01000000.00000004.sdmp, CheatEngine75.exe, 00000009.00000003.2198323283.000000007FB30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.thawte.com/cps0/
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.thawte.com/repository0W
Source: norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

7_2_00405601

E-Banking Fraud

Checks if browser processes are running

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: lstrcpyW,lstrcpyW,lstrcmpW,lstrcpyW,lstrlenW,lstrcpyW,GetFileAttributesW,CreateFileW,GetFileSize,GlobalAlloc,ReadFile,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,GlobalFree,CloseHandle,StrStrW,StrStrW,StrStrW,StrStrW,GlobalAlloc,lstrcpynW,GlobalFree,CloseHandle,GlobalFree, \SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml

7_2_6AF62050

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560			Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe entropy: 7.9934109544	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0 (copy) entropy: 7.99597518735	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1 (copy) entropy: 7.99668482326	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2 (copy) entropy: 7.99994992874	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0.zip (copy) entropy: 7.99597518735	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1.zip (copy) entropy: 7.99668482326	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2.zip (copy) entropy: 7.99994992874	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\installer.exe entropy: 7.99155381417	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\9dbb4156-c638-4892-8fca-7492b7a2836c entropy: 7.99867427042	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\setupui.cont entropy: 7.99950093996	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\d7d319e6-a995-47bb-92b5-c7b1f08cfa98 entropy: 7.99951440014	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\6f9be9cc-e43e-4a27-bf97-77fab14f54a1 entropy: 7.99995735727	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\511684e9-5057-4028-b2fd-11934b8e0bb7 entropy: 7.99983248956	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\e3526f6e-1aba-420e-bce6-afd5a4f27b9c entropy: 7.99988874548	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\a1aa0ea5-4861-4bb0-96d1-862772d227e7 entropy: 7.99994482497	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tiny.cepack (copy) entropy: 7.99400748427	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\standalonephase1.cepack (copy) entropy: 7.99178449569	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\standalonephase2.cepack (copy) entropy: 7.99243682541	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\dbk32.cepack (copy) entropy: 7.99403851023	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\dbk64.cepack (copy) entropy: 7.9956449907	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\Tutorial-i386.cepack (copy) entropy: 7.99553499082	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\setupui.cont entropy: 7.99950093996	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus_product.dll.lzma entropy: 7.99938660973	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99302035975	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_product.dll.lzma entropy: 7.99988284299	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_rvrt.exe.lzma entropy: 7.99302035975	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\aswOfferTool.exe.lzma entropy: 7.99977539515	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 3896, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Program Files (x86)\GUT98FF.tmp, type: DROPPED	Matched rule: PlugX Identifying Strings Author: Seth Hardy

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00276220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,

5_2_00276220

Contains functionality to launch a process as a different user

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B1E9B40 GetFileAttributesW,CloseHandle,lstrlenW,lstrlenW,lstrlenW,GetFileAttributesW,CloseHandle,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrlenW,lstrcpyW,lstrcpyW,WTSGetActiveConsoleSessionId,CloseHandle,LoadLibraryW,LoadLibraryW,CloseHandle,LoadLibraryW,CloseHandle,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,DuplicateTokenEx,GetTokenInformation,GetTokenInformation,GetTokenInformation,CloseHandle,CreateProcessAsUserW,CloseHandle,CloseHandle,ShellExecuteExW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,AllowSetForegroundWindow,GlobalFree,CloseHandle,CloseHandle,

7_2_6B1E9B40

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

7_2_0040350D

Creates files inside the system directory

Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\43e161.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE307.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\43e164.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\43e164.msi

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\43e164.msi

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Code function: 1_2_0018FDE8	1_2_0018FDE8
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00274F50	5_2_00274F50
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00278FB0	5_2_00278FB0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002770D9	5_2_002770D9
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0027F110	5_2_0027F110
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002973B0	5_2_002973B0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AD540	5_2_002AD540
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B1840	5_2_002B1840
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00293AC0	5_2_00293AC0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AFFE0	5_2_002AFFE0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002A8190	5_2_002A8190
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B83A0	5_2_002B83A0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AA540	5_2_002AA540
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002F8609	5_2_002F8609
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0025A610	5_2_0025A610
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002C0660	5_2_002C0660
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B47C0	5_2_002B47C0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B28A0	5_2_002B28A0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_003068E0	5_2_003068E0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002E0919	5_2_002E0919
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00300992	5_2_00300992
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00300AB2	5_2_00300AB2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00252B00	5_2_00252B00
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002E0B4B	5_2_002E0B4B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B6D43	5_2_002B6D43
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002E0DB0	5_2_002E0DB0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002DADD0	5_2_002DADD0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00288EA0	5_2_00288EA0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0025CF40	5_2_0025CF40
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002AF150	5_2_002AF150
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0029D2C0	5_2_0029D2C0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002E933A	5_2_002E933A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002EB340	5_2_002EB340
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00255400	5_2_00255400
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002F14AF	5_2_002F14AF
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002BB4F0	5_2_002BB4F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B7602	5_2_002B7602
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0025F830	5_2_0025F830
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002FD8E0	5_2_002FD8E0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002E390B	5_2_002E390B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002B3A30	5_2_002B3A30
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0028FB40	5_2_0028FB40
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00283C50	5_2_00283C50
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_0027BCB0	5_2_0027BCB0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00257D10	5_2_00257D10
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A552F0	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A5BB70	6_2_00A5BB70
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A6C9D0	6_2_00A6C9D0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A7126C	6_2_00A7126C
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A5D340	6_2_00A5D340
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A5EDE0	6_2_00A5EDE0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A666E4	6_2_00A666E4
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A6CE7E	6_2_00A6CE7E
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_00406B64	7_2_00406B64
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF6C771	7_2_6AF6C771
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9DAF1	7_2_6AF9DAF1
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF89219	7_2_6AF89219
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9D20E	7_2_6AF9D20E
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9C3CA	7_2_6AF9C3CA
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF820FA	7_2_6AF820FA
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9D82A	7_2_6AF9D82A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF846E2	7_2_6AF846E2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF8E790	7_2_6AF8E790
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF8C78B	7_2_6AF8C78B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF81C86	7_2_6AF81C86
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9A47D	7_2_6AF9A47D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF8944B	7_2_6AF8944B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9DDAC	7_2_6AF9DDAC
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9A59D	7_2_6AF9A59D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9D580	7_2_6AF9D580
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF98D2E	7_2_6AF98D2E
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFF6AF0	7_2_6AFF6AF0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFCE75B	7_2_6AFCE75B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFEA44A	7_2_6AFEA44A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0AB3B0	7_2_6B0AB3B0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC336A	7_2_6AFC336A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0E80C9	7_2_6B0E80C9
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC5A59	7_2_6AFC5A59
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC5B9D	7_2_6AFC5B9D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC58F9	7_2_6AFC58F9
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFF1EF4	7_2_6AFF1EF4
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFCDEEF	7_2_6AFCDEEF
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC9C74	7_2_6AFC9C74
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC5DC1	7_2_6AFC5DC1
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B04D38B	7_2_6B04D38B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFC9327	7_2_6AFC9327
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B119140	7_2_6B119140
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0D552D	7_2_6B0D552D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B1E9730	7_2_6B1E9730
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6F6F2F07	7_2_6F6F2F07

Enables driver privileges

Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

Process token adjusted: Load Driver

Enables security privileges

Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

Process token adjusted: Security

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 002D8713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 002D8DFE appears 111 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 00261BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 00298650 appears 192 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 002F4231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 002D9600 appears 61 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 002D85BF appears 56 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: String function: 002D8E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B1E5170 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCB025 appears 99 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B1E2930 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B036A87 appears 176 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFDF913 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B036A1B appears 217 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCAE1C appears 116 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B0AC191 appears 75 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B0369E8 appears 310 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B036A51 appears 114 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCAD14 appears 276 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFC25C6 appears 241 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B036772 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCC5E1 appears 80 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCC4DD appears 303 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCB0CE appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B036AC0 appears 114 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCC7B4 appears 518 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AF9F420 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFDF8D7 appears 91 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6B01C485 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: String function: 6AFCC6E4 appears 77 times

One or more processes crash

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6292 -ip 6292

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: installer.exe.5.dr	Static PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 24653488 bytes, 137 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 895 datablocks, 0x1 compression
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: sciterui.dll.7.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: CheatEngine75.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-LB5OD.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

PE file contains strange resources

Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: NortonBrowserUninstall.exe.7.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary

PE file does not import any functions

Source: sciterui.dll.7.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000000.1763726308.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.0000000002438000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Yara signature match

Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 3896, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Program Files (x86)\GUT98FF.tmp, type: DROPPED	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

query blbeacon for getting browser version

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Key value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version

Jump to behavior

Source: CheatEngine75.tmp, 0000000A.00000003.2352854036.0000000000B52000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: 1{app}\autorun\dlls\src\Mono\MonoDataCollector.sln

Source: classification engine

Classification label: mal56.rans.bank.spyw.evad.winEXE@85/870@0/13

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		7_2_0040350D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B04A11E __EH_prolog3_catch_GS,__EH_prolog3_catch_GS,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,GetShellWindow,GetWindowThreadProcessId,OpenProcess,GetLastError,GetShellWindow,GetProcessId,OpenProcessToken,GetLastError,DuplicateTokenEx,GetLastError,CreateProcessWithTokenW,GetLastError,GetLastError,		7_2_6B04A11E

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe

Code function: 6_2_00A552F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,

6_2_00A552F0

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00264C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

5_2_00264C8E

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00265C1E CoCreateInstance,OleRun,

5_2_00265C1E

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00285318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,

5_2_00285318

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

File created: C:\Program Files\Norton\Browser\NortonBrowserUninstall.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\1a61ad46ea20be40b258533faf1b0048
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6292
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Mutant created: \Sessions\1\BaseNamedObjects\{9bad0be7-37a7-44b5-940f-7c5abae5b463}Installer
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6664:120:WilError_03
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6016:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5368:120:WilError_03
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6456:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\11c5957706375e7ac899aac868708f7e
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4564:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Mutant created: \Sessions\1\BaseNamedObjects\Global\{9bad0be7-37a7-44b5-940f-7c5abae5b463}Installer

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

File created: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /silent	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /cookie	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /ppi_icd	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /cust_ini	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Enabled	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxyType	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Port	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: User	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Password	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: ProxySettings	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: Properties	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: /smbupd	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: enable	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: mirror	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: count	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: servers	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: urlpgm	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: server0	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: http://	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: https://	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: allow_fallback	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: mirror	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: installer.exe	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: {versionSwitch}	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: stable	6_2_00A552F0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Command line argument: %s\%s	6_2_00A552F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ((visits.visit_time/1000000)-11644473600) AS vtime FROM 'visits' ORDER BY vtime DESC LIMIT 1;
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT last_visit_date / 1000000 AS vtime FROM 'moz_places' ORDER BY vtime DESC LIMIT 1;
Source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

ReversingLabs: Detection: 39%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Process created: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp "C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$402A0,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Process created: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp "C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp" /SL5="$90282,26511452,832512,C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\net.exe "net" stop BadlionAntic
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\net.exe "net" stop BadlionAnticheat
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAnticheat
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-K0BUO.tmp\_isetup\_setup64.tmp helper 105 0x42C
Source: C:\Users\user\AppData\Local\Temp\is-K0BUO.tmp\_isetup\_setup64.tmp	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Windows\System32\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Windows\System32\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Process created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6292 -ip 6292
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 972
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknown	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknown	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Process created: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp "C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$402A0,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Process created: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp "C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp" /SL5="$90282,26511452,832512,C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\net.exe "net" stop BadlionAntic
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\net.exe "net" stop BadlionAnticheat
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAnticheat
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-K0BUO.tmp\_isetup\_setup64.tmp helper 105 0x42C
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: unknown unknown
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Process created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6292 -ip 6292
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 972
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process created: unknown unknown
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: zipfldr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: version.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: profapi.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: dpapi.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: winhttp.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: mswsock.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: winnsi.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: webio.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: sspicli.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: schannel.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: gpapi.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Section loaded: cscapi.dll
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0BUO.tmp\_isetup\_setup64.tmp	Section loaded: ntmarta.dll
Source: C:\Windows\System32\icacls.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: msxml3.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: taskschd.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\icacls.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: wldp.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: propsys.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: profapi.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: edputil.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: netutils.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: slc.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: userenv.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: sppc.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: version.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: opengl32.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: wsock32.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: winmm.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: lua53-64.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: wininet.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: glu32.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: msimg32.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: tcc64-32.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: tcc64-64.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: wldp.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: propsys.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: textshaping.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: xinput1_4.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: devobj.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: inputhost.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: profapi.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: netutils.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: schannel.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: dpapi.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: duser.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: xmllite.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: atlthunk.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: edputil.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: slc.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: userenv.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: sppc.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: Cheat Engine.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Cheat Engine.exe
Source: Cheat Engine (64-bit SSE4-AVX2).lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
Source: Cheat Engine (64-bit).lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe
Source: Cheat Engine (32-bit).lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\cheatengine-i386.exe
Source: Cheat Engine tutorial.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Tutorial-i386.exe
Source: Cheat Engine tutorial (64-bit).lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe
Source: Cheat Engine help.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\CheatEngine.chm
Source: Unload kernel module.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
Source: Reset settings.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\ceregreset.exe
Source: Lua documentation.lnk.10.dr	LNK file: ..\..\..\..\..\..\Windows\system32\notepad.exe
Source: Uninstall Cheat Engine.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\unins000.exe
Source: Cheat Engine.lnk0.10.dr	LNK file: ..\..\..\Program Files\Cheat Engine 7.5\Cheat Engine.exe

Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe

File written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini

Reads the Windows registered owner settings

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Executable creates window controls seldom found in malware

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Found GUI installer (many successful clicks)

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Automated click: Next
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Automated click: OK
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Automated click: OK

Uses Rich Edit Controls

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found window with many clickable UI elements (buttons, textforms, scrollbars etc)

Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Window detected: Number of UI elements: 24
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Window detected: Number of UI elements: 39

Creates a directory in C:\Program Files

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Directory created: C:\Program Files\Norton\Browser\NortonBrowserUninstall.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-LB5OD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-MTART.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-0G0TM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-9T5NT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-K6MH5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-2RDUM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-QJSEK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3MBRG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4H3E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32\is-AOM6Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64\is-0BCA6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32\is-0OS4A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64\is-7TPL7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win32\is-5JTH0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\win64\is-75A04.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-HME12.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3C6G0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-VBUE0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-24I47.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-298KH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-7Q5CB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-HRQ2J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4D2E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3KOLE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-Q7DRT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-RBU7H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-NPNPQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-RJ6EI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-MQ1KH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-S8B9H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-NBC6R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-70BUK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-IJQFS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-DBQ9C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-50KP0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4HAOD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-78OBP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-8G2RP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-Q6VO1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-5922L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib\is-S6F9T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-4J19G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-QKIFN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-8Q4O2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-8SLG2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-F0SFA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-OR7FQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-I5F7F.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-JMH80.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-JJBTV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-44CC1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-B5TJI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-OL6VE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-CLTQ6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-V5VS4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-JP1J3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-BR785.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-SUSSO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-70FRS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-2KOGR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-IOSNS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-SDMIC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-PLNB1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-4Q1BH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-O9Q8C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-9U0RQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-K8SDA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-HKILU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-6J8NC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-R00DR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-7NEAF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-GNGMP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-QJL6L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-B5EH7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-BR3E9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-N738R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-CIURU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-KJV2L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-04N8G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-9VBQS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-H4510.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-3C6IU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-I08CQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-Q7RFI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-U7L3I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\is-SM06P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-7HMJ2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-Q48TO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-7UOLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-S1JMU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-MR0MU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-EI6G4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-G03C8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-FDRG6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-OR2O6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-C3O5E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-BT11S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\is-43AJ9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\sys
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sec_api\sys\is-FLJQJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-K79GF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-D83K0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-TKIKU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-VK45T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-GC3NU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-VCH4D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-OJ9TU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-2FR5R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\sys\is-GK3MK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\tcc
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\tcc\is-M6HOQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-2AHB0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-4KLA5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-R2FR8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-HCTR0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-NDQCS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-3D26K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-1NE8J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-VRBOM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-2DD8C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-C72J0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-S8QLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-MDU3L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-RVEM5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-426B0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-B7SCC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-LTHHK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-ME631.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\include\winapi\is-6MAEC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-I3SCB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3DASC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-5R3FO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-L3N0T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-TPR80.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-UP51K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-U75H1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-IRTAB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-L1763.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-AKV35.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-9FVFL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-PJLMD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-O5I1D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-1DA6M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-UHV8B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-IDTKR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-TT78L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-QONLV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-AVJBR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-CFLPE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-2D1UK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-DA6UQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-8TGUU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-GCVRT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\languages\is-692Q1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-VKJIS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-2JPQC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-NUSO1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3265L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-4F380.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-D42AS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-PIADI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-2GQ07.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-5AJNR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BKNH7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-V0207.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-ECJSG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-78908.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-L1524.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-6TLNO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-M1718.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-T0R2S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-SUR6B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-ONEVU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-FFQ95.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-2D45H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-A7KQL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-Q3C8H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\images
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\images\is-1DU32.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\images\is-3VEHV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BOTFQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-TSV58.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BH2HL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-UU2LT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-5NNAH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-BQADR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-ANDBM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-CEL34.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-OA13J.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-89VU3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\forms\is-UTFRU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-K2KFB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-9KS7N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\is-C9ULO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-VGT14.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-8KNKB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-4FINL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-47GOH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-KFVE1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-R7BFR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-4RT86.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\is-LO9E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-H6F9C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-NK13K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-KJ922.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-JS32G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-MN8DU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\is-5RRLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\is-0OU20.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\xml
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\xml\is-GNT57.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs32
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs32\is-B30AF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs64
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\clibs64\is-K8UEV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-Q14OP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-4PQA1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-QRS1L.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-LGQU1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-OTCB4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\is-ALU8P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-2M6AB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-67UKC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-7TGHP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-NCBT5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-665F7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-LM17N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-SLVPH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-U836T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-1QHF1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-KRIHR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-HR134.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\is-O6V9Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-D49SI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-NO8GF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-R0Q39.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-DQKDK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-ARBUH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-S2D5C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-KGL2P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-BIDU2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-CG8FN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-GVCM9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\is-O36UB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-FUCAS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-MQPUR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-3D3CV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-8FL6N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-AR37R.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-SLQEM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-QCBN5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-CVS0N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-DMNCN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-DNPM0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-MSC6K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\is-UPK50.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-JUSL7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-UOIVF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-IN5H3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-HCP0C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-J7K13.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-OK39U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-1V0GB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-7MEJJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\is-AR9K4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-3PV83.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-2CS23.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-F97JC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-I3IM2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-DQ90M.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-CFR84.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-3AB8G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-CRBIK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-DV6EG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-1DJ85.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-0JRFM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-LPLPI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-N3N08.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-PJPBU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-SBQPM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-M5LUL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-BN9ON.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-VAH19.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-N0IB9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-A3HPK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-HUJEK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-8NPPR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-CPNT7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-PAE68.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-D14CO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-D3TBF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-DEJS7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-JJD49.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\badassets\is-9JUHQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\is-OETFQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Directory created: C:\Program Files\Cheat Engine 7.5\unins000.msg
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Directory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\server.txt

Creates a software uninstall entry

Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine_is1

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static file information: File size 29932568 > 1048576

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3650560887.0000000000455000.00000002.00000001.01000000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2186074409.0000000000455000.00000002.00000001.01000000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp
Source:	Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3677455913.000000006F6F6000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3674626283.000000006AF6E000.00000002.00000001.01000000.00000016.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb@ source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdba source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateComRegisterShell64.exe, 0000002C.00000000.2448062254.00007FF757B3B000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateComRegisterShell64.exe, 0000002C.00000000.2448062254.00007FF757B3B000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 00000019.00000003.2277887899.0000000004272000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3675093800.000000006AFA3000.00000002.00000001.01000000.00000015.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3676772977.000000006B1F2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000002.3659933566.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2154058664.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: is-LPLPI.tmp.10.dr

Static PE information: 0xB4CEDA5D [Mon Feb 15 10:26:37 2066 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_002A2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,

5_2_002A2B30

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Static PE information: section name: .didata
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp.0.dr	Static PE information: section name: .didata
Source: CheatEngine75.exe.1.dr	Static PE information: section name: .didata
Source: saBSI.exe.1.dr	Static PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.1.dr	Static PE information: section name: .didat
Source: installer.exe.5.dr	Static PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.6.dr	Static PE information: section name: .didat
Source: icarus_ui.exe.8.dr	Static PE information: section name: _RDATA
Source: dump_process.exe.8.dr	Static PE information: section name: .didat
Source: dump_process.exe.8.dr	Static PE information: section name: _RDATA
Source: bug_report.exe.8.dr	Static PE information: section name: _RDATA
Source: icarus.exe.8.dr	Static PE information: section name: .didat
Source: icarus.exe.8.dr	Static PE information: section name: _RDATA
Source: CheatEngine75.tmp.9.dr	Static PE information: section name: .didata
Source: is-3265L.tmp.10.dr	Static PE information: section name: /4
Source: is-3D3CV.tmp.10.dr	Static PE information: section name: /4
Source: is-LB5OD.tmp.10.dr	Static PE information: section name: .didata
Source: is-9T5NT.tmp.10.dr	Static PE information: section name: /4

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Code function: 1_2_0019049F push cs; ret	1_2_001904A4
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002D8DDB push ecx; ret	5_2_002D8DEE
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_00307CFD push ecx; ret	5_2_00307D12
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A61396 push ecx; ret	6_2_00A613A9
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF667F6 push ecx; ret	7_2_6AF66809
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9F466 push ecx; ret	7_2_6AF9F479
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B036B10 push ecx; ret	7_2_6B036B23
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0369B6 push ecx; ret	7_2_6B0369C9
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AFE66B5 push ss; retf	7_2_6AFE66B6

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe

Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u

6_2_00A5A100

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-70BUK.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-50KP0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdate.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus_ui.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-IRTAB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_te.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_et.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\CEPluginExample.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\libipt-64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-8SLG2.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-L3N0T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-O5I1D.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\reboot.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc32-32-linux.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-RJ6EI.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Users\user\AppData\Local\Temp\is-K0BUO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_vi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_rvrt.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc64-32-linux.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\npNortonBrowserUpdate3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\jsisdl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_am.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-VBUE0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-IJQFS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_is.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateComRegisterShell64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win32\is-5JTH0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sk.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\sciterui.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-HRQ2J.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-UP51K.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc64-64-linux.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\libmikmod64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_de.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fil.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_th.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus.exe	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus_mod.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-S8B9H.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-24I47.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\zbShieldUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-MQ1KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-78OBP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-1DA6M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_es.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_product.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ru.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\winhook-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_id.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ceregreset.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-I3SCB.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	File created: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-5922L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\d3dhook64.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	File created: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win32\symsrv.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ja.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_da.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Program Files\Norton\Browser\NortonBrowserUninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-MTART.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-5R3FO.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\clibs32\lfs.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win32\dbghelp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\clibs32\is-B30AF.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-NPNPQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	File created: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_ui.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-4D2E6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-TPR80.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-U75H1.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_tr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\acuapi_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-NBC6R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-N3N08.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\Midex.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-3265L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win64\symsrv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-Q7DRT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-Q6VO1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\aswOfferTool.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-3DASC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-0G0TM.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-LPLPI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_nl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ca.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ro.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\libipt-32.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\clibs64\is-K8UEV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-RBU7H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_cs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-9T5NT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\libmikmod32.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_bn.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-LB5OD.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win64\is-7TPL7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector32.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\CSCompiler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_en.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\lua53-32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win64\dbghelp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc64-64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-NUSO1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\lua53-64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-3KOLE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-4PQA1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fa.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_el.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win64\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-QRS1L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-DBQ9C.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win64\is-75A04.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-Q14OP.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_bg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_mr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win32\is-0OS4A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus_rvrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_lv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc32-32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-4HAOD.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-2RDUM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\tcc64-32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-OTCB4.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\d3dhook.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\thirdparty.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-LGQU1.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-PJPBU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ta.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\acuapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win32\is-AOM6Q.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_uk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-K6MH5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win32\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-8G2RP.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-7Q5CB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\jsis.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fi.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\dump_process.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus_product.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\win64\is-0BCA6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-298KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_no.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\JsisPlugins.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\Program Files\Cheat Engine 7.5\is-3D3CV.tmp	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe

6_2_00A552F0

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe

Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u

6_2_00A5A100

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Changes image file execution options

Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Creates or modifies windows services

Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine.lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (64-bit SSE4-AVX2).lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (64-bit).lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (32-bit).lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine tutorial.lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine tutorial (64-bit).lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine help.lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Kernel stuff
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Kernel stuff\Unload kernel module.lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Reset settings.lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Lua documentation.lnk
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Uninstall Cheat Engine.lnk

Uses net.exe to stop services

Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp

Process created: C:\Windows\System32\net.exe "net" stop BadlionAntic

Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp

Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00290540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,

5_2_00290540

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Uses cacls to modify the permissions of files

Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp

Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI			Jump to behavior

Contain functionality to detect virtual machines

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: VBoxService.exe VBoxService.exe \VMware\VMware Tools \VMware\VMware Tools QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual BOCHS VBOX PRLS		7_2_6B1F0B40
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: VBoxService.exe VBoxService.exe		7_2_6B1F1840

Contains functionality to compare user and computer (likely to detect sandboxes)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,

7_2_6B1F0B40

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: norton_secure_browser_setup.exe	Binary or memory string: DIR_WATCH.DLL
Source: norton_secure_browser_setup.exe	Binary or memory string: JOEBOXSERVER.EXE
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.3677020274.000000006B1FC000.00000004.00000001.01000000.00000010.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: norton_secure_browser_setup.exe	Binary or memory string: SBIEDLL.DLL
Source: norton_secure_browser_setup.exe	Binary or memory string: API_LOG.DLL
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <DEST>%PRODUCT_INST_A64%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: norton_secure_browser_setup.exe	Binary or memory string: SNIFF_HIT.EXE
Source: norton_secure_browser_setup.exe	Binary or memory string: JOEBOXCONTROL.EXE
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe	Binary or memory string: C:\MDS\WINDUMP.EXE
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe	Binary or memory string: SYSANALYZER.EXE
Source: norton_secure_browser_setup.exe	Binary or memory string: WIRESHARK.EXE

Contains capabilities to detect virtual machines

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Tools	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00264C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

5_2_00264C8E

Contains functionality to detect virtual machines (SLDT)

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Code function: 1_2_001973E0 sldt word ptr [eax]

1_2_001973E0

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Window / User API: threadDelayed 3828
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Window / User API: threadDelayed 1411
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Window / User API: threadDelayed 2584
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Window / User API: windowPlacementGot 1200

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-70BUK.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdate.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-50KP0.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-IRTAB.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus_ui.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_et.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\CEPluginExample.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libipt-64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-8SLG2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-L3N0T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-O5I1D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\reboot.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc32-32-linux.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-RJ6EI.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_vi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_rvrt.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-32-linux.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\npNortonBrowserUpdate3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\jsisdl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_am.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-VBUE0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-IJQFS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_is.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-5JTH0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sk.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\sciterui.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-HRQ2J.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-UP51K.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-64-linux.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libmikmod64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fil.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_de.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_th.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus_mod.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-S8B9H.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-24I47.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\zbShieldUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-MQ1KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-78OBP.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-1DA6M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_es.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_product.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ru.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\winhook-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_id.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-I3SCB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ceregreset.exe (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-5922L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\d3dhook64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ja.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_da.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-5R3FO.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs32\lfs.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs32\is-B30AF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-NPNPQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\psuser.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\icarus_ui.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-4D2E6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-U75H1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-TPR80.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_tr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\acuapi_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-NBC6R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-N3N08.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\Midex.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\aswOfferTool.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-Q7DRT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-Q6VO1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-3DASC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-LPLPI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_nl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ca.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ro.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libipt-32.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs64\is-K8UEV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-RBU7H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_cs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libmikmod32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-9T5NT.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_bn.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll (copy)	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-7TPL7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector32.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\CSCompiler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_en.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\lua53-32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-NUSO1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-3KOLE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fa.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-4PQA1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_el.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-QRS1L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-DBQ9C.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\dump_process.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-75A04.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-Q14OP.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av\dump_process.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_bg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_mr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-0OS4A.tmp	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus_rvrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_lv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc32-32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-4HAOD.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-OTCB4.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\d3dhook.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\thirdparty.dll	Jump to dropped file
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\bug_report.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-LGQU1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-PJPBU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ta.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\acuapi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-AOM6Q.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_uk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-K6MH5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll (copy)	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-8G2RP.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-7Q5CB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\jsis.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fi.dll	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\dump_process.exe	Jump to dropped file
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Dropped PE file which has not been started: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\avg-av-vps\icarus_product.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-0BCA6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-298KH.tmp	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUM98FE.tmp\goopdateres_no.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\JsisPlugins.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-3D3CV.tmp	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_5-85382

Found evasive API chain checking for process token information

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp TID: 1228	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp TID: 4936	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 4600	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe TID: 5796	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe TID: 2180	Thread sleep time: -9570000s >= -30000s
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe TID: 2180	Thread sleep time: -6460000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe

File opened: PhysicalDrive0

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_004028D5 FindFirstFileW,	7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_0040679D FindFirstFileW,FindClose,	7_2_0040679D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B1E7010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,	7_2_6B1E7010

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_002C2782 VirtualQuery,GetSystemInfo,

5_2_002C2782

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: norton_secure_browser_setup.exe	Binary or memory string: VMware
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.{D
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: s,utm.campaign:opera_new_a","c":"opera_new_a","a":["OperaSetup","OperaSetup.exe","OperaGXSetup.exe","OperaGXSetup"],"r":["Opera Software"],"cp":"https://www.opera.com/he/privacy","ctu":"https://www.opera.com/he/eula/computers","ov":100,"cbfo":true,"pv":"1.23","v":3,"x":3}},{"ad":{"n":"","f":"ZB_TotalSecurity_V4","o":"TotalSecurity_AV"},"ps":{"i":"TotalSecurity_AV/images/1127/V4/EN.png","dn":"360 Total Security","u":"TotalSecurity_AV/files/1127/ts360Setup.zip","p":"/s","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360totalsecurity.com/en/privacy/","ctu":"https://www.360totalsecurity.com/en/license/","pv":"1.26","cbfo":true,"v":1}},{"ad":{"n":9,"nn":"Med_Ntiles","f":"ZB_Avast_NCH","o":"Avast_NCH"},"ps":{"i":"AVAST/images/DOTPS-1511/547X280/EN.png","dn":"Avast Antivirus","u":"AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip","p":"/silent /ws /psh:{pxl}","r":["AVAST Software\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4CB91122-AA85-4431-953C-BEFAEC86DA97}_is1","WebBar","WebDiscoverBrowser","AVG\\Antivirus\\Version","AVG\\AV\\Dir"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"a":["AvastSvc","instup","AvastUI","AVGUI","avguix","AVGSvc","avgsvca"],"ctu":"https://www.avast.com/eula-avast-consumer-products","cp":"https://www.avast.com/privacy-policy","ov":61,"cbfo":true,"pv":"1.29","x":13,"disk":2560,"ram":256,"eapp":["chrome.exe"],"v":1}}],"c":""}!T
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2187838963.000000000339F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: norton_secure_browser_setup.exe	Binary or memory string: VBoxService.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2191397234.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2190814115.00000000033A8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2191081077.00000000033A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllavg-icarus<
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2205386317.00000000033A7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3056688108.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2260701530.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219966819.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2319653795.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2418710531.00000000033A0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3660481875.00000000033A7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2438168493.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220998708.00000000033A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@}=
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2954431830.0000000000A17000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2153977418.00000000034C9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2163922755.00000000034C9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2792971371.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3654316282.0000000000689000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2153977418.00000000034C9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2163922755.00000000034C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWz]e
Source: norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%hd0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A27000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 3}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
Source: norton_secure_browser_setup.exe	Binary or memory string: QEMU_
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2792971371.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3654316282.0000000000689000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW $i%SystemRoot%\system32\mswsock.dll
Source: norton_secure_browser_setup.exe	Binary or memory string: \VMware\VMware Tools
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2190741650.00000000033A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B1F0B40 CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,

7_2_6B1F0B40

Checks if the current process is being debugged

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process queried: DebugPort			Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_002F70B4 IsDebuggerPresent,OutputDebugStringW,

5_2_002F70B4

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00275204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,

5_2_00275204

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00264C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

5_2_00264C8E

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_00307BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

5_2_00307BC0

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_002A2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,

5_2_002A2B30

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002EE8FE mov eax, dword ptr fs:[00000030h]	5_2_002EE8FE
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002F7C6A mov eax, dword ptr fs:[00000030h]	5_2_002F7C6A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002F7CAE mov eax, dword ptr fs:[00000030h]	5_2_002F7CAE
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002F7CF2 mov eax, dword ptr fs:[00000030h]	5_2_002F7CF2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002F7D23 mov eax, dword ptr fs:[00000030h]	5_2_002F7D23
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A67C5A mov eax, dword ptr fs:[00000030h]	6_2_00A67C5A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF65683 mov eax, dword ptr fs:[00000030h]	7_2_6AF65683
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF8FBBF mov eax, dword ptr fs:[00000030h]	7_2_6AF8FBBF
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF914BE mov eax, dword ptr fs:[00000030h]	7_2_6AF914BE
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9147A mov eax, dword ptr fs:[00000030h]	7_2_6AF9147A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0E7528 mov eax, dword ptr fs:[00000030h]	7_2_6B0E7528
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0E75B4 mov eax, dword ptr fs:[00000030h]	7_2_6B0E75B4
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0D0835 mov eax, dword ptr fs:[00000030h]	7_2_6B0D0835

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_0026463F GetProcessHeap,

5_2_0026463F

Enables debug privileges

Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process token adjusted: Debug
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process token adjusted: Debug
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002D9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_002D9018
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002D93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_002D93F2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002DD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_002DD453
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: 5_2_002D9586 SetUnhandledExceptionFilter,	5_2_002D9586
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A610FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00A610FF
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A61292 SetUnhandledExceptionFilter,	6_2_00A61292
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A613AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00A613AB
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Code function: 6_2_00A64476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00A64476
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF66349 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6AF66349
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF6504A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6AF6504A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF669A2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6AF669A2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9F76F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6AF9F76F
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF8FCD2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6AF8FCD2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6AF9F47B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6AF9F47B
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B037AD6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6B037AD6
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B037CDA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6B037CDA
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B0B7181 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6B0B7181
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: 7_2_6B1E58D0 lstrcmpW,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,	7_2_6B1E58D0

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

NtQueryInformationProcess: Indirect: 0x7FFDFB6BC34D

Contains functionality to execute programs as a different user

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B1EB610 nsExecLogonUser,

7_2_6B1EB610

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-K0BUO.tmp\_isetup\_setup64.tmp helper 105 0x42C
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	Process created: unknown unknown
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe	Process created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6292 -ip 6292
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 972
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe	Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process created: unknown unknown
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Process created: unknown unknown

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hvrwhs3vwuipmbbbicevfeywa6bnyeo3ouurqxz1n2xpozesfjqk8de1eko42xxrqtatx7tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:c:\windows\temp\asw.a66b047c9b0289ec
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum98fe.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe c:\windows\temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\icarus-info.xml /install /silent /ws /psh:92ptu5hvrwhs3vwuipmbbbicevfeywa6bnyeo3ouurqxz1n2xpozesfjqk8de1eko42xxrqtatx7tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe	Process created: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hvrwhs3vwuipmbbbicevfeywa6bnyeo3ouurqxz1n2xpozesfjqk8de1eko42xxrqtatx7tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:c:\windows\temp\asw.a66b047c9b0289ec	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"	Jump to behavior
Source: C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe	Process created: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe c:\windows\temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\icarus-info.xml /install /silent /ws /psh:92ptu5hvrwhs3vwuipmbbbicevfeywa6bnyeo3ouurqxz1n2xpozesfjqk8de1eko42xxrqtatx7tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a
Source: C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum98fe.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B1EA3A0 GetVersion,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

7_2_6B1EA3A0

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_002D9215 cpuid

5_2_002D9215

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	5_2_002F45DA
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	5_2_002FC907
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	5_2_002FC952
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	5_2_002FC9ED
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	5_2_002FCA80
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	5_2_002FCCE0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_002FCE06
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	5_2_002FCF0C
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_002FCFDB
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoEx,	5_2_002D7E28
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	5_2_002F3F6D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6AF94278
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_2_6AF9439E
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	7_2_6AF94025
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6AF91164
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6AF93EFF
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6AF93EB4
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6AF93E0D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6AF93F9A
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6AF944A4
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6AF90C40
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	7_2_6AF93C12
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	7_2_6AF94573
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_2_6B0EEB75
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6B0EEA4D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6B0E2F18
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	7_2_6B0EED50
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6B0EEC7D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoEx,	7_2_6B03637C
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	7_2_6B0EE3C3
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6B0EE76D
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	7_2_6B0EE7F8
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6B0EE669
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: EnumSystemLocalesW,	7_2_6B0EE6D2
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6B0EE5C0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,	7_2_6B0E39CC
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wsprintfW,	7_2_6B1E78C0
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: GetLocaleInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrcpyW,lstrcpyW,wsprintfW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,	7_2_6B1E7510
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	Code function: nsGetLocaleInfo,GetLocaleInfoW,	7_2_6B1EE580

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\logo.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\WebAdvisor.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\AVG_AV.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\AVG_BRW.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\finish.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Code function: 5_2_002F4619 GetSystemTimeAsFileTime,

5_2_002F4619

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B1279B6 __EH_prolog3_GS,LookupAccountNameW,GetLastError,

7_2_6B1279B6

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe

Code function: 7_2_6B0E26E8 _free,GetTimeZoneInformation,_free,

7_2_6B0E26E8

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe

Code function: 6_2_00A541B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,

6_2_00A541B0

Source: C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

AV process strings found (often used to terminate AV products)

Source: norton_secure_browser_setup.exe	Binary or memory string: C:\virus\virus.exe
Source: norton_secure_browser_setup.exe	Binary or memory string: wireshark.exe
Source: norton_secure_browser_setup.exe	Binary or memory string: C:\Kit\procexp.exe
Source: norton_secure_browser_setup.exe	Binary or memory string: C:\virus.exe

Adds / modifies Windows certificates

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Disables exception chain validation (SEHOP)

Source: C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior

OS version to string mapping found (often used in BOTs)

Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIN_XP
Source: norton_secure_browser_setup.exe, 00000007.00000002.3675839130.000000006B13E000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: k...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J
Source: norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
1 Software	Acquire Infrastructure	2 Valid Accounts	3 Native API	1 LSASS Driver	1 Abuse Elevation Control Mechanism	3 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	1 Replication Through Removable Media	12 Command and Scripting Interpreter	1 DLL Side-Loading	1 LSASS Driver	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	1 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Image File Execution Options Injection	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	1 Clipboard Data	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Service Execution	2 Valid Accounts	1 Image File Execution Options Injection	2 Obfuscated Files or Information	NTDS	4 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	22 Windows Service	2 Valid Accounts	1 Timestomp	LSA Secrets	57 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	1 Scheduled Task/Job	21 Access Token Manipulation	1 DLL Side-Loading	Cached Domain Credentials	1 Query Registry	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	11 Registry Run Keys / Startup Folder	22 Windows Service	1 File Deletion	DCSync	681 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	1 Bootkit	12 Process Injection	23 Masquerading	Proc Filesystem	25 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	1 Services File Permissions Weakness	1 Scheduled Task/Job	2 Valid Accounts	/etc/passwd and /etc/shadow	12 Process Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	11 Registry Run Keys / Startup Folder	1 Modify Registry	Network Sniffing	1 Application Window Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	1 Services File Permissions Weakness	25 Virtualization/Sandbox Evasion	Input Capture	3 System Owner/User Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	21 Access Token Manipulation	Keylogging	1 Remote System Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	12 Process Injection	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service
Business Relationships	Server	Trusted Relationship	Visual Basic	Container Orchestration Job	Container Orchestration Job	1 Bootkit	Web Portal Capture	Local Groups	Component Object Model and Distributed COM	Local Email Collection	Internal Proxy	Commonly Used Port	Direct Network Flood
Identify Business Tempo	Botnet	Hardware Additions	Python	Hypervisor	Process Injection	1 Services File Permissions Weakness	Credential API Hooking	Domain Groups	Exploitation of Remote Services	Remote Email Collection	External Proxy	Transfer Data to Cloud Account	Reflection Amplification

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	39%	ReversingLabs	Win32.Trojan.Generic
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	100%	Avira	PUA/OfferCore.Gen

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler64.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateBroker.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateComRegisterShell64.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateCore.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateOnDemand.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateSetup.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateWebPlugin.exe	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\acuapi.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\acuapi_64.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdate.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_am.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ar.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_bg.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_bn.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ca.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_cs.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_da.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_de.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_el.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_en-GB.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_en.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_es-419.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_es.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_et.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fa.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fi.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fil.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_fr.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_gu.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hi.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hr.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_hu.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_id.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_is.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_it.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_iw.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ja.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_kn.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ko.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_lt.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_lv.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ml.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_mr.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ms.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_nl.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_no.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pl.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pt-BR.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_pt-PT.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ro.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ru.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sk.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sl.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sr.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sv.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_sw.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ta.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_te.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_th.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_tr.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_uk.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_ur.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_vi.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_zh-CN.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\goopdateres_zh-TW.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\npNortonBrowserUpdate3.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\psmachine.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\psmachine_64.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\psuser.dll	0%	ReversingLabs
C:\Program Files (x86)\GUM98FE.tmp\psuser_64.dll	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe	0%	ReversingLabs
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.innosetup.com/	0%	URL Reputation	safe
https://wwww.certigna.fr/autorites/0m	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
http://www.quovadisglobal.com/cps0	0%	URL Reputation	safe
http://ocsp.accv.es0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://www.dk-soft.org/	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://webcompanion.com/terms	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ocsp.suscerte.gob.ve0	norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.dhimyotis.com/certignarootca.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://analytics.apis.mcafee.comse	saBSI.exe, 00000005.00000002.2631938277.000000000345E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.chambersign.org1	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://honzik.avcdn.net/defs/avg-av/release.xml.lzma	avg_antivirus_free_online_setup.exe, 00000008.00000003.2208849459.0000000003400000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2205386317.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2221477162.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2262252659.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2208230237.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2320190560.00000000033BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2219658013.00000000033F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.ssc.lt/root-c/cacrl.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.avg.com/ww-en/privacynet/r	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://docs.google.com/	norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ca.disig.sk/ca/crl/ca_disig.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625213060.0000000004950000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3674119947.0000000004950000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.avg.com/ww-en/eulat.net	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.000000000387D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.000000000387A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.000000000386E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://firefoxextension.avast.com/aos/update.json	avg_antivirus_free_online_setup.exe, 00000008.00000003.2419022371.0000000005C61000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/products/sa/bsi/win/binary/	saBSI.exe, 00000005.00000003.2619283321.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2499502259.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619527807.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2500290213.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2283702776.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.avast.com/priv/U	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.suscerte.gob.ve/dpc0	norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.disig.sk/ca/crl/ca_disig.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625213060.0000000004950000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3674119947.0000000004950000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.avg.com/ww-en/eula/en-us/	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2153248293.0000000006A14000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.avg.com/ww-en/privacynet/c	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.000000000387E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.000000000387D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2172478611.000000000387A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2171663493.000000000386E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.innosetup.com/	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000000.1769759551.0000000000401000.00000020.00000001.01000000.00000004.sdmp, CheatEngine75.exe, 00000009.00000003.2198323283.000000007FB30000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://winqual.sb.avast.com	avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://pki.registradores.org/normativa/index.htm0	norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://policy.camerfirma.com0	norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?	norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0	avg_antivirus_free_setup.exe, 00000006.00000003.2792971371.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000684000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000668000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2791974919.0000000000656000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3654316282.0000000000689000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2793517435.0000000000687000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3653319055.0000000000657000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.certicamara.com/dpc/0Z	norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://wwww.certigna.fr/autorites/0m	norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drive-daily-2.corp.google.com/	norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://repository.tsp.zetes.com0	norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe	avg_antivirus_free_setup.exe, 00000006.00000003.2164152045.0000000000641000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2163996407.0000000000656000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://drive-daily-5.corp.google.com/	norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pair.ff.avast.com	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.mcafee.com/consumer/en-us/policy/legal.html:	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://https://:allow_fallback/installer.exe	avg_antivirus_free_setup.exe, 00000006.00000002.3659933566.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2154058664.0000000000A73000.00000002.00000001.01000000.0000000E.sdmp	false		unknown
http://submit.sb.avast.com/V1/PD/	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://honzik.avcdn.net/70S	avg_antivirus_free_setup.exe, 00000006.00000002.3652601549.000000000063B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2791974919.0000000000638000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2164152045.0000000000641000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cheatengine.org/	CheatEngine75.exe, 00000009.00000003.2369639447.0000000002291000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://www.mcafee.com/consumer/en-us/policy/legal.htmlM	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cheatengine.org/privacy.htmdpro	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2954431830.00000000009E8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/products/SA/v1/bsi	saBSI.exe, 00000005.00000003.2619864193.0000000005A54000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2619603678.0000000005A51000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl2.postsignum.cz/crl/psrootqca4.crl01	norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.acabogacia.org0	norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.avast.com0/	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2152994718.0000000006A17000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.nortonlifelock.com/us/en/legal/license-services-agreement/D	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://webcompanion.com/terms7	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://web.certicamara.com/marco-legal0Z	norton_secure_browser_setup.exe, 00000007.00000003.3623423878.0000000004934000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.quovadisglobal.com/cps0	norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reasonlabs.com/policies	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://d34hwk9wxgk5fi.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.00000000037D6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.correo.com.uy/correocert/cps.pdf0	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3625409858.00000000048D1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ipm.avcdn.net/	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/	saBSI.exe, 00000005.00000003.2179047230.00000000034DC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.avg.com/ww-en/privacy-us/	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2153248293.0000000006A14000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://v7event.stats.avast.com/	avg_antivirus_free_setup.exe, 00000006.00000002.3650087301.0000000000608000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://d34hwk9wxgk5fi.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipu	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2959380110.0000000002524000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.anf.es/AC/RC/ocsp0c	norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2038712636.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml	saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2620317057.0000000003524000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.ancert.com/cps0	norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstore/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo?utm_s	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://%s:%d;https=https://%s:%dContent-EncodingHTTP/1.0deflate:	norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000030DB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ocsp.accv.es0	norton_secure_browser_setup.exe, 00000007.00000003.3624289073.0000000004902000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624964106.0000000004908000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://rca.e-szigno.hu/ocsp0-	norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1768609412.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1766632259.0000000002710000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623911089.0000000004926000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.nortonlifelock.com/us/en/legal/license-services-agreement/EC86Dv	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003899000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml	saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2631938277.0000000003522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2178006483.000000000351F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn-%HOST_PREFIX%update.norton.securebrowser.com/installer/%VERSION%/norton-securebrowser%ED	norton_secure_browser_setup.exe, 00000007.00000002.3665145583.00000000027C0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://analytics.apis.mcafee.com/I	saBSI.exe, 00000005.00000002.2631938277.00000000034C7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.nortonlifelock.com/us/en/pr	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007601000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://%s:%d;https=https://%s:%dHTTP/1.0	avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.dk-soft.org/	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2971580828.0000000002376000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1764203264.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1771125880.0000000003500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2968290783.0000000007626000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.avg.com/ww-en/privacynet/	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2427596578.0000000003889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2963870305.0000000003887000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405321142.0000000003884000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0	norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.thawte.com/cps0/	norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://drive-daily-0.corp.google.com/	norton_secure_browser_setup.exe, 00000007.00000003.2217217283.0000000000856000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://d34hwk9wxgk5fi.cloudfront.net/f/AVG_AV/images/1509/EN.png	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2956357504.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000002.2962448261.0000000003854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.2405788338.0000000000A37000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.thawte.com/repository0W	norton_secure_browser_setup.exe, 00000007.00000002.3668568273.00000000033C9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.defence.gov.au/pki0	norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0	norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634258638.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.catcert.net/verarrel05	norton_secure_browser_setup.exe, 00000007.00000003.3623570341.0000000004953000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE	saBSI.exe, 00000005.00000000.2132290597.000000000031E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.2630328015.000000000031E000.00000002.00000001.01000000.0000000D.sdmp	false		unknown
http://www.datev.de/zertifikat-policy-bt0	norton_secure_browser_setup.exe, 00000007.00000003.3624964106.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.comsign.co.il/cps0	norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634258638.0000000004917000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://d34hwk9wxgk5fi.cloudfront.net:443/f/WebAdvisor/images/943/EN.pngI	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000001.00000003.1869158376.00000000037CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673867295.0000000004920000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3634613540.0000000004920000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000000.1763606284.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		unknown
http://www.e-me.lv/repository0	norton_secure_browser_setup.exe, 00000007.00000003.3623336194.0000000004942000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623502554.000000000495F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	avg_antivirus_free_setup.exe, 00000006.00000003.2183024350.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3635298266.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3671889407.0000000003E41000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3673177293.0000000004829000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3626244780.0000000000886000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3662223600.0000000000886000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2358270721.0000000005D30000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2323796627.0000000006010000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3663419871.0000000005370000.00000002.00000001.00040000.00000012.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2267736968.0000000005D51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2220258633.0000000005B0B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2394887912.0000000005DF5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.chambersign.org/chambersroot.crl0	norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624222548.0000000004919000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3624138804.000000000490A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/	saBSI.exe, 00000005.00000003.2620225604.000000000351E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192344748.0000000003518000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2192376857.0000000003519000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com	avg_antivirus_free_online_setup.exe, 00000008.00000003.2448475872.0000000005C31000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.postsignum.cz/crl/psrootqca2.crl02	norton_secure_browser_setup.exe, 00000007.00000003.3624352365.00000000048F9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.3623714413.000000000484D000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.21.226	unknown	United States	13335	CLOUDFLARENETUS	false
108.138.2.128	unknown	United States	16509	AMAZON-02US	false
52.36.31.154	unknown	United States	16509	AMAZON-02US	false
34.160.176.28	unknown	United States	2686	ATGS-MMD-ASUS	false
104.20.95.94	unknown	United States	13335	CLOUDFLARENETUS	false
34.117.223.223	unknown	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
2.19.126.156	unknown	European Union	16625	AKAMAI-ASUS	false
23.212.89.10	unknown	United States	16625	AKAMAI-ASUS	false
104.20.86.8	unknown	United States	13335	CLOUDFLARENETUS	false
20.42.73.29	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532785
Start date and time:	2024-10-13 23:42:41 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	52
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Detection:	MAL
Classification:	mal56.rans.bank.spyw.evad.winEXE@85/870@0/13
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 89% Number of executed functions: 136 Number of non-executed functions: 200
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe
Execution Graph export aborted for target SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, PID 6292 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Simulations

Behavior and APIs

Time	Type	Description
17:45:21	API Interceptor	601092x Sleep call for process: cheatengine-x86_64-SSE4-AVX2.exe modified
22:44:48	Task Scheduler	Run new task: NortonUpdateTaskMachineCore path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/c
22:44:48	Task Scheduler	Run new task: NortonUpdateTaskMachineUA path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/ua /installsource scheduler
22:46:43	Task Scheduler	Run new task: Norton Private Browser Heartbeat Task (Hourly) path: C:\Program Files\Norton\Browser\Application\NortonBrowser.exe s>--type=heartbeat --hourly
22:46:43	Task Scheduler	Run new task: Norton Private Browser Heartbeat Task (Logon) path: C:\Program Files\Norton\Browser\Application\NortonBrowser.exe s>--type=heartbeat --logon
22:46:54	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NortonBrowserAutoLaunch_9295589C6A3342EB5FB8AB20D67446E2 "C:\Program Files\Norton\Browser\Application\NortonBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1.1.1.1	PO-230821_pdf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
	AFfv8HpACF.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
	INVOICE_90990_PDF.exe	Get hash	malicious	FormBook	Browse	www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
	Go.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
104.18.21.226	faststone-capture_voLss-1.exe	Get hash	malicious	PureLog Stealer	Browse
	faststone-capture_voLss-1.exe	Get hash	malicious	PureLog Stealer	Browse
	moba-24.2-installer_M64ZB-1.exe	Get hash	malicious	PureLog Stealer	Browse
	hashtab-6.0.0.34-installer_rxb9-U1.exe	Get hash	malicious	PureLog Stealer	Browse
	SecuriteInfo.com.Riskware.OfferCore.702.11507.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	Form_Ver-14-00-21 (1).js	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse
	YandexPackLoader.exe	Get hash	malicious	Unknown	Browse
	YandexPackLoader.exe	Get hash	malicious	Unknown	Browse
	AnyDesk_new_Soft.exe	Get hash	malicious	Unknown	Browse
	wechat-3.9.7-installer_ae-GFz1.exe	Get hash	malicious	Coinhive, Crypto Miner, DarkComet, GhostRat, IcedID, LaZagne, Mini RAT	Browse
34.160.176.28	SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exe	Get hash	malicious	Unknown	Browse
	Team Fortress 2 Brotherhood Of Arms_aez-LU1.exe	Get hash	malicious	Unknown	Browse
	Team Fortress 2 Brotherhood Of Arms_aez-LU1.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Get hash	malicious	PrivateLoader	Browse
	SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe	Get hash	malicious	PrivateLoader	Browse
	winrar-64-6.21-installer_AmGAP-1.exe	Get hash	malicious	PureLog Stealer	Browse
	ccsetup624.exe	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Trojan.Siggen29.50366.26295.18671.exe	Get hash	malicious	Xmrig	Browse	104.20.4.235
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
AMAZON-02US	https://fexegreuyauja-8124.vercel.app/mixc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.22
	https://verfiy-blue-badge-sign-up.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	76.76.21.98
	https://shawnoreplyonlineaccess.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	50.112.173.192
	https://webmaillshavv.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	50.112.173.192
	https://shawwebmailll.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	54.201.56.249
	https://pub-6e60812ea6034887a73a58b17a92a80f.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	18.239.18.15
	https://f120987.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	18.239.83.12
	https://japroippouquafou-5881.vercel.app/mixc.html	Get hash	malicious	HTMLPhisher	Browse	76.76.21.142
	https://kucoinexplora.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	52.214.156.76
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Trojan.Siggen29.50366.26295.18671.exe	Get hash	malicious	Xmrig	Browse	104.20.4.235
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler64.exe	Lisect_AVT_24003_G1B_127.exe	Get hash	malicious	PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler.exe	Lisect_AVT_24003_G1B_127.exe	Get hash	malicious	PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse
	SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	7854
Entropy (8bit):	5.494376771141946
Encrypted:	false
SSDEEP:	192:/geNKRyzSIgzSzXReJ7aY7jMgDwzgs+Bd4C/Q/Bp:/9KkzezkXRo2Y7jMgDBBd4C/Q/Bp
MD5:	FC46C5D1EC629D59B9942256C3DCE1CC
SHA1:	FD8C0E6DE0E4BA17604676888EB4B5CED15D4A3D
SHA-256:	5C10F063A7E72617ACD57F435ABA20E739D065DE9016934C88ED94079D9E2026
SHA-512:	172963B87A1C39BAA820A66D8746FA5FBF0B32F900FDCD2D47572E79DB3E610B685B1F28C999584ADF77892755DB597DFC44A2BD5D5F65D5BEA7055A302B5371
Malicious:	false
Preview:	...@IXOS.@.....@..MY.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{469D3039-E8BB-40CB-9989-158443EEA4EB}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\Norton\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\4

Process:	C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	28
Entropy (8bit):	3.5566567074628233
Encrypted:	false
SSDEEP:	3:XVTKlUv:FTj
MD5:	B9EA04357667FD46353CA3E48F346261
SHA1:	CB35A329D04D990B937CB8C6C49ACC8D80AD45A3
SHA-256:	FDF34D3C6716526200DFC4F81AD1CB1BFDA51EC9DB20C2C0E7CDD08C179A6DE3
SHA-512:	5B07BA516C030BD3689F21939A2EEA417B603A9FA8BEBCF4D9BAED190B67E7784F1A0458A022450F5DDD99F6D9913BA45D2EB1DCE4E011842A5CB33B3695C93B
Malicious:	false
Preview:	28 mtime=1686233326.3398783.

Process:	C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33688
Entropy (8bit):	7.20956664617613
Encrypted:	false
SSDEEP:	768:zVYdpNkp9TvDXy2XmVEV3GPkjVvDXy2ulqwVEV3GPkjL:zVY1+nCDOEECDbOEw
MD5:	4ACE42D6530AF699FEB2372F805A6A40
SHA1:	FB8C7352808F104E851468F25D0DD14A25B8CFCA
SHA-256:	13DCE393B59B9EF4A5D4FCDC27267D018B350BDC44A62AACC5DBC7F1DF7F7A1C
SHA-512:	8BB770F304CD8BA23FB2A64370D74AC3FDC134235FF39802983B9BABDE12AB00E49A746F3C2113520F0E135CDFD1473C0B4B64272279D13E576912126AA556D2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0............."3... ...@....... ....................................`..................................2..O....@...................g...`...... 2..8............................................ ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H........"..............................................................R..{....o.....o....&&...}......0............r...p(......,.....r...po.......8.....{.....o......{....r...p(........,..{.....{....o.....r;..p(.......{..........%...o......o....o...........,e....+F....o......o....o........(....rI..p.o......o....o....(....o........X.....o....o..........-...+....+....(.......s ...}.....{.....o!.....{.....o".....0............\|....(#.....,..\|....($....*....0..............(%..

Process:	C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	5727368
Entropy (8bit):	7.987929042344586
Encrypted:	false
SSDEEP:	98304:BiykuiGAGbjNHbd5lbDK4pdfAstezXYCvzV:BiyKGBZhKEmyezIUR
MD5:	F269C5140CBC0E376CC7354A801DDD16
SHA1:	BBCEEF9812A3E09D8952E2FE493F156E613837B2
SHA-256:	5AE1ACF84F0A59FA3F54284B066E90C8432071ACE514ACCB6303261D92C6A910
SHA-512:	BA271257C0DBFBFD63685449A5FA5EA876B31C4F1898F85AA1BE807F1E31846D12F2162F715FC320FB014D31C15501EA71FE73B3C981E201BFA1A448FF54745C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........18..PV..PV..PV._...PV..PW.MPV._...PV.sf..PV..VP..PV.Rich.PV.........PE..L......].................f..........5............@.................................$.X...@..............................................(...........;W..(...........................................................................................text...{d.......f.................. ..`.rdata...............j..............@..@.data...X............~..............@....ndata...................................rsrc....(.........................@..@................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\Temp\asw-b587398b-0039-49f3-a79c-a0dbe4cb19f9\common\icarus.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (608), with CRLF line terminators
Category:	modified
Size (bytes):	1400007
Entropy (8bit):	5.387513510610778
Encrypted:	false
SSDEEP:	6144:aIE5G1EspAuw36OGyUtHpbjdiPMli+4rcIjLkJfpCNXz2EE+aXRMv:hHpQPMli+4rdjLkJfpCNXzPE+aXRMv
MD5:	1313861C4234C80757AE5A85FCB748AD
SHA1:	108C07BE407967B290D125DF323DE79225AC6A95
SHA-256:	CE6F77B0521A7134BA252B95DF82E22B33F607575644116AC103574C3DB6B35F
SHA-512:	B9347EC9C7BBCCA423E7C0B2ED32E1FB752682530D1F4A7508A2241BF13AA9EFB369FCB876EAF5A4A1521ABA0B7E4CFF921229C4361857984340CF6D7A56D649
Malicious:	false
Preview:	.[2024-10-13 21:44:50.775] [info ] [entry ] [ 6504: 6500] [DF28B6: 39] Icarus has been started...[2024-10-13 21:44:50.775] [debug ] [settings_lt] [ 6504: 6500] [2C8384: 190] generic accessor for scheme registry set..[2024-10-13 21:44:50.775] [debug ] [event_rout ] [ 6504: 6500] [6A736D: 49] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler..[2024-10-13 21:44:50.775] [debug ] [event_rout ] [ 6504: 6500] [6A736D: 49] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler..[2024-10-13 21:44:50.775] [debug ] [event_rout ] [ 6504: 6500] [6A736D: 49] Registering event handler for app.settings.PropertyChangedValue...[2024-10-13 21:44:50.775] [debug ] [event_rout ] [ 6504: 6500] [6A736D: 49] Registering event handler for app.settings.PropertyChanged...[2024-10-13 21:44:50.775] [debug ] [event_rout ] [ 6504: 6500] [6A736D:

Process:	C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (1464), with CRLF line terminators
Category:	modified
Size (bytes):	13859
Entropy (8bit):	5.5726222497696645
Encrypted:	false
SSDEEP:	384:Pkq65c7/Ms62Pb54maYlNPGsrtzrDSr9zraDbrHJrBBrtvtx4d1m42:Pkq65uMrYamaYrOsJKZGbtvi1m42
MD5:	B8629D0B79662C4E53CF483EEBEBADED
SHA1:	8DE6495A7E61F3EB4BB58A4D76AE857FC710C17E
SHA-256:	E4EF22C3601037930977647B37BE0E7333D97CD9C444D1D4DB2A1160638B2C9F
SHA-512:	222B6EBF3109183F74DC53DE06CFA699C04D8FB50B9606EDF79837689109BCD6C894BEF7F0C48C102A7ADBD363DA6FBD35109A71999B44BB40D86C16A74F487D
Malicious:	false
Preview:	.[2024-10-13 21:44:24.099] [info ] [isfx ] [ 5688: 6936] [A9733A: 183] * Starting SFX (24.9.8001.0), System(Windows 10 (10.0.19045) x64) *..[2024-10-13 21:44:24.099] [info ] [isfx ] [ 5688: 6936] [A9733A: 184] launched by:'2160-C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe'..[2024-10-13 21:44:24.146] [debug ] [device_id ] [ 5688: 6936] [D8D250: 70] Storing the new fingerprint..[2024-10-13 21:44:24.349] [info ] [isfx ] [ 5688: 6936] [B7A7B1: 34] SFX started with command line '/silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec /track-guid:b9592fc5-5741-4a25-98a5-ccd83d3c903a'..[2024-10-13 21:44:24.349] [debug ] [isfx ] [ 5688: 5956] [D8285D: 62] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"6d092e90-9f43-41af-b4a4-23cf9eb81468","time":172886006753

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.412093184167142
Encrypted:	false
SSDEEP:	192:PSYytEBn06D8bFctjqBgirXRaIHdzuiFeZ24IO8YT:itEB06D8bFctj2XRb9zuiFeY4IO8YT
MD5:	61432042366106A9342178CCEDC3DD89
SHA1:	F360361D294DDB1410AA48CA74FEBAE2E1EE6773
SHA-256:	69476E68FE3810257DB7F8A6B41A71D41EE87D010D903FB5F0BE9845023C3521
SHA-512:	9744DB113ECF398C3BEDAB5AA6E49066EEEDABFD930EF4E6BF372F537008457DE4FD536224861D9BBB4B94D80523008EB878DA249EAEB3F3D516FAE42E75D22A
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.2.9.4.8.8.8.2.0.7.9.2.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.2.9.4.9.0.2.7.3.9.2.3.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.c.8.a.c.6.d.e.-.0.e.a.4.-.4.1.0.b.-.a.b.3.6.-.4.a.3.5.1.c.6.c.8.6.c.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.d.a.5.1.7.7.0.-.8.b.c.9.-.4.f.f.c.-.8.d.0.6.-.e.a.f.d.3.0.5.e.0.4.f.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...T.r.o.j.a.n...A.g.e.n.t...1.M.W.N.V.4...3.1.0.4.4...3.0.7.2.7...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.9.4.-.0.0.0.1.-.0.0.1.4.-.9.8.3.3.-.c.c.f.8.b.8.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	83706
Entropy (8bit):	3.03133703592831
Encrypted:	false
SSDEEP:	1536:ClVVZ1ZcM2dF/oGsbkQ0I3N+Em6juMGjtDI:ClVVZ1ZcM2dF/oGsbkQ0I9+Em6juMGjC
MD5:	634336D09A19B5AAE846E18F76D1B990
SHA1:	8595DF53CD4DBC4F4CA8B99D13B174E75CF490FA
SHA-256:	D48E4D153865267528A8951826ED72C0E9B0D5928AF3945203BFF3A1FA1165CB
SHA-512:	3AF8E9C6CA71B8516B7F472C1ACE8A9ADA665AD2973871F06BB9215A32A12F553B36F4371A73B5D20319EDFAD07D946A66F098A51AF28EF612FF720242E8C3EA
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

Process:	C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008008, page size 1024, file counter 1, database pages 10, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	1.6211119274023298
Encrypted:	false
SSDEEP:	24:ri4sWLMSpHJCSHBv52qolhdQZSRmAH/0UkEvWTtSDGsWLMSpHJCSHBv52qolhdQU:3s6pHj55XQp8UkEESSs6pHj55XQZ
MD5:	551F7A35DEC7A2436EFA7181DF0F5DB4
SHA1:	38EEA293AB5906FEAD7DF8351863FD75171F864E
SHA-256:	9F5C71448B5A562560E138BA873E4D827DA45C83745E570FD40DF43D4BEC56D6
SHA-512:	CE47D79874F71FED3B9930717A8BD2B827DCD6F8CD1D1DE7E1B913D69C9DFC050B6314538A0AEF88A3F89ADC78CE1E5C55A8661395E1AF373DE34C296093271F
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-....................._....................................................................................................................................................................................../...C...indexsqlite_autoindex_elements_1elements.[...!!...indexnamelookupstructures.CREATE INDEX namelookup on structures(moduleid, tablename).F...!!..Wtablestructuresstructures.CREATE TABLE structures(moduleid INTEGER NOT NULL, typeid INTEGER NOT NULL, tablename varchar(255) NOT NULL, length INTEGER NOT NULL, PRIMARY KEY (moduleid, typeid))3...G!..indexsqlite_autoindex_structures_1structures.P...++.Ytablesqlite_sequencesqlite_sequence.CREATE TABLE sqlite_sequence(name,seq).>.......Stablemodulesmodules.CREATE TABLE modules(moduleid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, modulename varchar(255) NOT NULL, timestamp int NOT NULL, UNIQUE (modulename, timestamp))-...A...indexsqlite_autoind

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3025312
Entropy (8bit):	6.402393103402349
Encrypted:	false
SSDEEP:	49152:5LJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvu1:vwSi0b67zeCzt0+yO3kSU
MD5:	2C94C19646786C4EE5283B02FD8CE5A5
SHA1:	BF3DD30300126BA9B51C343D64DA2D8EDA23EBEA
SHA-256:	9BE09875AA698A85C446FB80E075087D6C0A543A493A7F033F3015FE2F0680D5
SHA-512:	7C3D5E740340042E34F25047A29ADD080E89027DB2D49775AAD529ECB8E13BFB83F73ADB3B2999E129A27D85C9B0021E3BF3E110AC93CDF6C6393D121A0F7D4E
Malicious:	true
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@.................................../...@......@....................-......`-.49....-...............-..+....................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@......................-.............@..@........................................................

Process:	C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
File Type:	PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	53151
Entropy (8bit):	7.982330941208071
Encrypted:	false
SSDEEP:	1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
MD5:	AEE8E80B35DCB3CF2A5733BA99231560
SHA1:	7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
SHA-256:	35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
SHA-512:	DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
Malicious:	false
Preview:	.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a....4IDATx.......y...u.}...W."..(s ........p.........Q...?ql=...'.8....E.l...Y.-ah..FP.w.......__uUwuw.r.3X.z..........jcppph........O.appp..........n ..qph..88.......pd...y...!..888.##...._..C.8....Cn82...,.8...40....!7..qph..GF.2.........C.h....q#.........!7..qph.O..../_..p......B....K...`.XF.n}........S/b.._..?.XH.2q...i.}..y....c...8..b\|~:WY...8....a......o...v..!.~.+8z...P.....y......2y^....!.w..C.=..'.J]..v. ..}./o..q....M...........<$.X.<)..g.gp......'.Y.I...'.x......D.(..C...m.. .:.#....$. .LdD.E...*..a..}..eih.A.....AyR...7a..2..N##DD^....Tg...;>$..tZo.....m......3.A..p....$MM.".hF.......qpX....7..F.=.k..e".G/...G~E.........4..kA.{....yN.dH)~.s...........#.W...lD.:..W}...#...kP.&...;....n......?..d....oH.....#..'a..s..D.....<.......h...y.....D..!.^...G....4.........c .;?$..6...@.....O c.......~.u...1.7......c.\|..'...?/..#;.z&....T.M4.w.."....7W....

Entrypoint:	0x4b5eec
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	5a594319a0d69dbc452e748bcf05892e

Signature Valid:	true
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/05/2023 01:00:00 11/05/2025 00:59:59
Subject Chain	CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL
Version:	3
Thumbprint MD5:	91E70EEDB6FAA14A2CAC55AA04E394DC
Thumbprint SHA-1:	DB97E8AD1FC01EB0CC39C354F5DB2E8B065C048F
Thumbprint SHA-256:	652294C5E648282E1B193DBACCEF545098AF49E60F6176F97A28903CBA4B0870
Serial:	2DDFF16E80007EF97AAD7E4F2CF2E34C

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc4000	0x9a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2000	0xf36	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x4800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1c89078	0x2ba0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc22e4	0x244	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xc3000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb361c	0xb3800	ad6e46e3a3acdb533eb6a077f6d065af	False	0.3448639341051532	data	6.356058204328091	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xb5000	0x1688	0x1800	d40fc822339d01f2abcc5493ac101c94	False	0.544921875	data	5.972750055221053	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xb7000	0x37a4	0x3800	4c195d5591f6d61265df08a3733de3a2	False	0.36097935267857145	data	5.044400562007734	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xbb000	0x6de8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xc2000	0xf36	0x1000	a73d686f1e8b9bb06ec767721135e397	False	0.3681640625	data	4.8987046479600425	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0xc3000	0x1a4	0x200	41b8ce23dd243d14beebc71771885c89	False	0.345703125	data	2.7563628682496506	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0xc4000	0x9a	0x200	37c1a5c63717831863e018c0f51dabb7	False	0.2578125	data	1.8722228665884297	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xc5000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xc6000	0x5d	0x200	8f2f090acd9622c88a6a852e72f94e96	False	0.189453125	data	1.3838943752217987	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc7000	0x4800	0x4800	9ce043cc8ed8e76b0da14bab902ba23e	False	0.3162977430555556	data	4.422592801275048	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc74c8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Dutch	Netherlands	0.5675675675675675
RT_ICON	0xc75f0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	Dutch	Netherlands	0.4486994219653179
RT_ICON	0xc7b58	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Dutch	Netherlands	0.4637096774193548
RT_ICON	0xc7e40	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	Dutch	Netherlands	0.3935018050541516
RT_STRING	0xc86e8	0x360	data			0.34375
RT_STRING	0xc8a48	0x260	data			0.3256578947368421
RT_STRING	0xc8ca8	0x45c	data			0.4068100358422939
RT_STRING	0xc9104	0x40c	data			0.3754826254826255
RT_STRING	0xc9510	0x2d4	data			0.39226519337016574
RT_STRING	0xc97e4	0xb8	data			0.6467391304347826
RT_STRING	0xc989c	0x9c	data			0.6410256410256411
RT_STRING	0xc9938	0x374	data			0.4230769230769231
RT_STRING	0xc9cac	0x398	data			0.3358695652173913
RT_STRING	0xca044	0x368	data			0.3795871559633027
RT_STRING	0xca3ac	0x2a4	data			0.4275147928994083
RT_RCDATA	0xca650	0x10	data			1.5
RT_RCDATA	0xca660	0x2c4	data			0.6384180790960452
RT_RCDATA	0xca924	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0xca950	0x3e	data	English	United States	0.8387096774193549
RT_VERSION	0xca990	0x584	data	English	United States	0.26628895184135976
RT_MANIFEST	0xcaf14	0x726	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4005464480874317

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
advapi32.dll	RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x454060
__dbk_fcall_wrapper	2	0x40d0a0
dbkFCallWrapperAddr	1	0x4be63c

Target ID:	0
Start time:	17:43:41
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
Imagebase:	0x400000
File size:	29'932'568 bytes
MD5 hash:	647A2177841AEBE2F1BB1B3767F41287
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	17:43:42
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-3VLHG.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$402A0,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
Imagebase:	0x400000
File size:	3'025'312 bytes
MD5 hash:	2C94C19646786C4EE5283B02FD8CE5A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\43e163.rbs

C:\Program Files (x86)\GUM98FE.tmp\@PaxHeader

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserCrashHandler64.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdate.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateBroker.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateComRegisterShell64.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateCore.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateHelper.msi

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateOnDemand.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateSetup.exe

C:\Program Files (x86)\GUM98FE.tmp\NortonBrowserUpdateWebPlugin.exe

Windows Analysis Report
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Target ID:	5
Start time:	17:44:18
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Imagebase:	0x250000
File size:	1'184'128 bytes
MD5 hash:	143255618462A577DE27286A272584E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	6
Start time:	17:44:20
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg
Imagebase:	0xa50000
File size:	234'936 bytes
MD5 hash:	26816AF65F2A3F1C61FB44C682510C97
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Target ID:	7
Start time:	17:44:22
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Imagebase:	0x400000
File size:	5'727'368 bytes
MD5 hash:	F269C5140CBC0E376CC7354A801DDD16
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	8
Start time:	17:44:23
Start date:	13/10/2024
Path:	C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Temp\asw.a66b047c9b0289ec\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vWuIpMbBBicEVfEyWA6bnyEo3OuuRQXZ1N2XpOzESFJqK8de1eKO42XXRqtAtX7Tg /cookie:mmm_irs_ppi_902_451_o /ga_clientid:b9592fc5-5741-4a25-98a5-ccd83d3c903a /edat_dir:C:\Windows\Temp\asw.a66b047c9b0289ec
Imagebase:	0x340000
File size:	1'698'200 bytes
MD5 hash:	4DE05BCEF050AB8FA30941A9E3454645
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	9
Start time:	17:44:24
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Imagebase:	0x400000
File size:	27'406'384 bytes
MD5 hash:	E0F666FE4FF537FB8587CCD215E41E5F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	moderate
Has exited:	true

Target ID:	10
Start time:	17:44:26
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-4SDR0.tmp\CheatEngine75.tmp" /SL5="$90282,26511452,832512,C:\Users\user\AppData\Local\Temp\is-NAQL6.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Imagebase:	0x400000
File size:	3'223'968 bytes
MD5 hash:	9AA2ACD4C96F8BA03BB6C3EA806D806F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	moderate
Has exited:	true

Target ID:	13
Start time:	17:44:27
Start date:	13/10/2024
Path:	C:\Windows\System32\net1.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\net1 stop BadlionAntic
Imagebase:	0x7ff7ce440000
File size:	183'808 bytes
MD5 hash:	55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	23
Start time:	17:44:28
Start date:	13/10/2024
Path:	C:\Windows\System32\icacls.exe
Wow64 process (32bit):	false
Commandline:	"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Imagebase:	0x7ff71da10000
File size:	39'424 bytes
MD5 hash:	48C87E3B3003A2413D6399EA77707F5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	25
Start time:	17:44:31
Start date:	13/10/2024
Path:	C:\Users\user\AppData\Local\Temp\nsm77AC.tmp\NortonBrowserUpdateSetup.exe
Wow64 process (32bit):	true
Commandline:	NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Imagebase:	0x680000
File size:	1'910'576 bytes
MD5 hash:	2B07E26D3C33CD96FA825695823BBFA7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	26
Start time:	17:44:35
Start date:	13/10/2024
Path:	C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
Imagebase:	0x400000
File size:	242'616 bytes
MD5 hash:	9AF96706762298CF72DF2A74213494C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true