Windows Analysis Report
Violated Heroine_91zbZ-1.exe

Overview

General Information

Sample name:Violated Heroine_91zbZ-1.exe
Analysis ID:1580037
MD5:6e4c8f2488186375ecc5701ae74a2a19
SHA1:f4765471feb517088c50a085f75264bd43b17b07
SHA256:d45e8203cd5398582a2a13d7f1f4caf7bab60fa6db19db24a2ae99efb0b2fbbc
Tags:exe, user-Gillysuy

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:48
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if browser processes are running
Checks if the current machine is a virtual machine (disk enumeration)
Contain functionality to detect virtual machines
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to infect the boot sector
Creates an undocumented autostart registry key
Modifies the windows firewall
Possible COM Object hijacking
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

  • System is w10x64
  • Violated Heroine_91zbZ-1.exe (PID: 6888 cmdline: "C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe" MD5: 6E4C8F2488186375ECC5701AE74A2A19)
    • Violated Heroine_91zbZ-1.tmp (PID: 6932 cmdline: "C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$10418,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe" MD5: B1F49F39D06B2CFDF18C9C19DAAA4C4F)
      • saBSI.exe (PID: 4600 cmdline: "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
      • avg_antivirus_free_setup.exe (PID: 2836 cmdline: "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA MD5: 26816AF65F2A3F1C61FB44C682510C97)
        • avg_antivirus_free_online_setup.exe (PID: 1028 cmdline: "C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /ga_clientid:19fb230f-7b30-4399-bcf4-24d721fda304 /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 MD5: 6EBB043BC04784DBC6DF3F4C52391CD0)
          • icarus.exe (PID: 6376 cmdline: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 6648 cmdline: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av_slave_ep_63b86fed-aea9-4111-ad96-744efd95243c /slave:avg-av MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 1620 cmdline: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av-vps_slave_ep_a7fad2ef-b0bc-4eca-ba79-b29dd4a7a8de /slave:avg-av-vps MD5: A1FFFE3E9589CCFE629EB653F704A659)
      • norton_secure_browser_setup.exe (PID: 4904 cmdline: "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
        • NortonBrowserUpdateSetup.exe (PID: 7004 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
          • NortonBrowserUpdate.exe (PID: 7104 cmdline: "C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5368 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 2920 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 3872 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping [...] MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 4888 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{A27A3DC6-D2D4-478A-9CCF-B911701B2750}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
      • netsh.exe (PID: 6576 cmdline: "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe "qBittorrent" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 2816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • qbittorrent.exe (PID: 5688 cmdline: "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7 MD5: 22A34900ADA67EAD7E634EB693BD3095)
      • WerFault.exe (PID: 5376 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 6452 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 6224 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6148 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 2568 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6932 -ip 6932 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6400 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6932 -ip 6932 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • NortonBrowserUpdate.exe (PID: 2056 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 5124 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserCrashHandler.exe (PID: 1420 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe" MD5: 1694092D5DE0E0DAEF4C5EA13EA84CAB)
    • NortonBrowserCrashHandler64.exe (PID: 5652 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe" MD5: 09621280025727AB4CB39BD6F6B2C69E)
  • NortonBrowserUpdate.exe (PID: 4432 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 3220 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 2520 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 3260 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • NortonBrowserUpdate.exe (PID: 928 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • cleanup
No configs have been found
Source: C:\Program Files (x86)\GUT3C14.tmp
Rule: PlugXStrings
Description: PlugX Identifying Strings
Author: Seth Hardy
Strings:
  • 0x1f88a8:$Dwork: D:\work
  • 0x1fac58:$Dwork: D:\work
  • 0x1faedc:$Dwork: D:\work
  • 0x2019f8:$Dwork: D:\work
  • 0x201ba0:$Dwork: D:\work
  • 0x201d08:$Dwork: D:\work
  • 0x201de0:$Dwork: D:\work
  • 0x202040:$Dwork: D:\work
  • 0x202160:$Dwork: D:\work
  • 0x202280:$Dwork: D:\work
  • 0x202330:$Dwork: D:\work
  • 0x2db910:$Dwork: D:\work
  • 0x2dba38:$Dwork: D:\work
  • 0x2dbba0:$Dwork: D:\work
  • 0x2dbd88:$Dwork: D:\work
  • 0x2dbe78:$Dwork: D:\work
  • 0x2dbff8:$Dwork: D:\work
  • 0x2dc118:$Dwork: D:\work
  • 0x2dc1c8:$Dwork: D:\work
  • 0x4ed054:$Dwork: D:\work
  • 0x4ed0b0:$Dwork: D:\work
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 7004
Rule: PlugXStrings
Description: PlugX Identifying Strings
Author: Seth Hardy
Strings:
  • 0xe900:$Dwork: D:\work
  • 0x107fc:$Dwork: D:\work
  • 0x14490:$Dwork: D:\work
  • 0x145ab:$Dwork: D:\work
  • 0x14702:$Dwork: D:\work
  • 0x149fd:$Dwork: D:\work
  • 0x14b15:$Dwork: D:\work
  • 0x14c69:$Dwork: D:\work
  • 0x14e10:$Dwork: D:\work
  • 0x14efa:$Dwork: D:\work
  • 0x150e8:$Dwork: D:\work
  • 0x151ce:$Dwork: D:\work
  • 0x1532c:$Dwork: D:\work
  • 0x15444:$Dwork: D:\work
  • 0x154ee:$Dwork: D:\work
  • 0x155e9:$Dwork: D:\work
  • 0x156fe:$Dwork: D:\work
  • 0x157a6:$Dwork: D:\work
  • 0x2abe8:$Dwork: D:\work
  • 0x25a49:$Shell6: Shell6
  • 0x25b00:$Shell6: Shell6

System Summary

Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6224, ProcessName: svchost.exe
Timestamp                        SID      Severity  Classtype        Source IP    Source Port  Destination IP   Destination Port  Protocol
2024-12-23T18:59:04.285655+0100  2028371  3         Unknown Traffic  192.168.2.4  49733        65.9.108.213     443               TCP
2024-12-23T18:59:07.769393+0100  2028371  3         Unknown Traffic  192.168.2.4  49734        65.9.108.213     443               TCP
2024-12-23T18:59:10.111339+0100  2028371  3         Unknown Traffic  192.168.2.4  49735        65.9.108.213     443               TCP
2024-12-23T18:59:11.988814+0100  2028371  3         Unknown Traffic  192.168.2.4  49736        65.9.108.213     443               TCP
2024-12-23T18:59:14.819911+0100  2028371  3         Unknown Traffic  192.168.2.4  49737        65.9.108.213     443               TCP
2024-12-23T18:59:17.450991+0100  2028371  3         Unknown Traffic  192.168.2.4  49740        65.9.108.213     443               TCP
2024-12-23T18:59:34.454988+0100  2028371  3         Unknown Traffic  192.168.2.4  49745        65.9.108.213     443               TCP
2024-12-23T18:59:38.012753+0100  2028371  3         Unknown Traffic  192.168.2.4  49746        65.9.108.213     443               TCP
2024-12-23T18:59:40.852082+0100  2028371  3         Unknown Traffic  192.168.2.4  49747        65.9.108.213     443               TCP
2024-12-23T18:59:53.997675+0100  2028371  3         Unknown Traffic  192.168.2.4  49748        65.9.108.213     443               TCP
2024-12-23T18:59:54.622334+0100  2028371  3         Unknown Traffic  192.168.2.4  49749        52.35.239.119    443               TCP
2024-12-23T18:59:57.044233+0100  2028371  3         Unknown Traffic  192.168.2.4  49752        65.9.108.213     443               TCP
2024-12-23T18:59:57.159597+0100  2028371  3         Unknown Traffic  192.168.2.4  49751        52.35.239.119    443               TCP
2024-12-23T19:00:00.289792+0100  2028371  3         Unknown Traffic  192.168.2.4  49763        65.9.108.213     443               TCP
2024-12-23T19:00:03.365695+0100  2028371  3         Unknown Traffic  192.168.2.4  49776        34.117.223.223   443               TCP
2024-12-23T19:00:04.633143+0100  2028371  3         Unknown Traffic  192.168.2.4  49777        52.35.239.119    443               TCP
2024-12-23T19:00:05.211757+0100  2028371  3         Unknown Traffic  192.168.2.4  49779        34.117.223.223   443               TCP
2024-12-23T19:00:06.573201+0100  2028371  3         Unknown Traffic  192.168.2.4  49786        18.161.108.224   443               TCP
2024-12-23T19:00:17.848265+0100  2028371  3         Unknown Traffic  192.168.2.4  49823        104.20.87.8      443               TCP
2024-12-23T19:00:21.291318+0100  2028371  3         Unknown Traffic  192.168.2.4  49832        52.35.239.119    443               TCP
2024-12-23T19:00:39.344360+0100  2028371  3         Unknown Traffic  192.168.2.4  49885        34.117.223.223   443               TCP

AV Detection

Source: Violated Heroine_91zbZ-1.exe, Avira: detected
Source: Violated Heroine_91zbZ-1.exe, ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_006914F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,5_2_006914F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_006917A0 CryptQueryObject,CryptQueryObject,5_2_006917A0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_00645870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00645870
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_00646220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00646220
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_006467B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_006467B0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_0067EB60 CryptQueryObject,CryptQueryObject,5_2_0067EB60
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_0067F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,5_2_0067F150
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe, Code function: 5_2_0067F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,5_2_0067F3C0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EFB0E0 CryptDestroyHash,CryptDestroyHash,6_2_00EFB0E0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF82F0 CryptDestroyHash,6_2_00EF82F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF9250 CryptGenRandom,GetLastError,__CxxThrowException@8,6_2_00EF9250
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,6_2_00EF9450
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,6_2_00EF8DC0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_00EF9020
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF8260 CryptDestroyHash,6_2_00EF8260
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_00EF9340
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF94D0 CryptHashData,GetLastError,__CxxThrowException@8,6_2_00EF94D0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00EF8EF0 CryptReleaseContext,6_2_00EF8EF0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe, Code function: 6_2_00F12660 CryptReleaseContext,6_2_00F12660
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe, Code function: 7_2_6AF1617F LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,7_2_6AF1617F
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe, Code function: 8_2_006909E0 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_006909E0
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe, Code function: 8_2_0065DF30 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,8_2_0065DF30
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance

Source: Violated Heroine_91zbZ-1.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Violated Heroine_91zbZ-1.exe, Static PE information: certificate valid
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.35.239.119:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 65.9.108.213:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.20.87.8:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.161.108.224:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.20.87.8:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.20.87.8:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.20.87.8:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.20.87.8:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49905 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49970 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49989 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49995 version: TLS 1.2
Source: Violated Heroine_91zbZ-1.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2370303683.0000000005CF7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.0000000004149000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2998557371.000000006AE2E000.00000002.00000001.01000000.00000014.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.00000000045BF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D26000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004520000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserCrashHandler.exe, 0000001A.00000000.2468093605.0000000000FBD000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2998771454.000000006AE63000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2999522743.000000006B0C2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserCrashHandler64.exe, 0000001C.00000000.2470429729.00007FF674C0E000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.00000000041C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D82000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000002.2930761174.0000000000F13000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2263468482.0000000000F13000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D1B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.000000000420C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004CE2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000000.2318277248.0000000000714000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2952436722.0000000005560000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2930627127.0000000000714000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004C14000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3000057348.000000006F6F6000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.0000000003156000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2232981789.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.000000000407C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.00000000030AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004B96000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2356434387.00000000019A6000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000319B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B7010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,7_2_6B0B7010
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_00656F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_00656F60
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_0064E180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_0064E180
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_00654590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_00654590
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_00680AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00680AC0
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-RB179.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract
Source: Joe Sandbox ViewIP Address: 34.160.176.28 34.160.176.28
Source: Joe Sandbox ViewIP Address: 34.117.223.223 34.117.223.223
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49752 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49749 -> 52.35.239.119:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49751 -> 52.35.239.119:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49763 -> 65.9.108.213:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49777 -> 52.35.239.119:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49786 -> 18.161.108.224:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49776 -> 34.117.223.223:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49779 -> 34.117.223.223:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49823 -> 104.20.87.8:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49832 -> 52.35.239.119:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49885 -> 34.117.223.223:443
Source: global trafficHTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 128Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004aUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 289Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004aUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 370Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004aUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 378Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004aUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 368Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004aUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 321Host: d3ben4sjdmrs9v.cloudfront.net
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B91E0 lstrlenW,HttpQueryInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrlenW,CreateFileW,GetLastError,InternetReadFile,lstrcpynA,WriteFile,InternetReadFile,GetLastError,InternetQueryOptionW,InternetQueryOptionW,InternetQueryOptionW,wsprintfW,GetLastError,MultiByteToWideChar,GetLastError,wsprintfW,GlobalFree,CloseHandle,DeleteFileW,7_2_6B0B91E0
Source: global trafficHTTP traffic detected: GET /f/AVG_AV/images/1509/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: GET /f/NORTON_BRW/images/1494/547x280/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: GET /f/AVG_AV/files/1319/avg.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: GET /f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B2436EE44-C9FF-41E5-B07B-F9DE299AFB2E%7D&osversion=10.0&servicepack= HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Google Update/1.8.1649.5;winhttpX-Last-HR: 0x0X-Last-HTTP-Status-Code: 0X-Retry-Count: 0X-HTTP-Attempts: 1Host: update.norton.securebrowser.com
Source: global trafficHTTP traffic detected: GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B2436EE44-C9FF-41E5-B07B-F9DE299AFB2E%7D&osversion=10.0&servicepack= HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Google Update/1.8.1649.5;winhttpX-Old-UID: age=-1; cnt=0X-Last-HR: 0x0X-Last-HTTP-Status-Code: 0X-Retry-Count: 0X-HTTP-Attempts: 1Host: update.norton.securebrowser.com
Source: global trafficHTTP traffic detected: GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_edi=15&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DF1173725680D0886F5A6F9D38DE669B7A&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av&p_ram=8191&p_vbd=9725&p_vep=24&p_ves=12&p_vre=2390&repoid=release& HTTP/1.1Host: shepherd.avcdn.netUser-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0Accept: */*Accept-Encoding: deflate, gzip
Source: global trafficHTTP traffic detected: GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DF1173725680D0886F5A6F9D38DE669B7A&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av-vps&p_ram=8191&p_vbd=2304&p_vep=24&p_ves=12&p_vre=8777&repoid=release& HTTP/1.1Host: shepherd.avcdn.netUser-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0Accept: */*Accept-Encoding: deflate, gzip
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eaddons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c03e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49global trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e27:b1NIC CA 2011NIC CA 201401:31:69:b007:27:10:0301:31:34:bfDigiNotar PKIoverheid CA Overheid en Bedrijven07:27:10:0d46:9c:2c:b007:27:0f:f9DigiNotar Cyber CA46:9c:2c:afDigiNotar Public CA 202507:27:14:a946:9c:3c:c9d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G21e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CA41UTN-USERFirst-Hardware08:27MD5 Collisions Inc. (http://www.phreedom.org/md5)4c:0e:63:6aDigisign Server ID (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)27:83AC DG Tr equals www.yahoo.com (Yahoo)
Source: global trafficDNS traffic detected: DNS query: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficDNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global trafficDNS traffic detected: DNS query: v7event.stats.avast.com
Source: global trafficDNS traffic detected: DNS query: honzik.avcdn.net
Source: global trafficDNS traffic detected: DNS query: sadownload.mcafee.com
Source: global trafficDNS traffic detected: DNS query: analytics.avcdn.net
Source: global trafficDNS traffic detected: DNS query: stats.securebrowser.com
Source: global trafficDNS traffic detected: DNS query: update.norton.securebrowser.com
Source: global trafficDNS traffic detected: DNS query: cdn-update.norton.securebrowser.com
Source: global trafficDNS traffic detected: DNS query: shepherd.avcdn.net
Source: global trafficDNS traffic detected: DNS query: home.mcafee.com
Source: unknownHTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 128Host: d3ben4sjdmrs9v.cloudfront.net
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 23 Dec 2024 18:00:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-powered-by: Expresscontent-security-policy: default-src 'none'x-content-type-options: nosniffcf-cache-status: DYNAMICServer: cloudflareCF-RAY: 8f6a402e4d990f7c-EWR
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 23 Dec 2024 18:00:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-powered-by: Expresscontent-security-policy: default-src 'none'x-content-type-options: nosniffcf-cache-status: DYNAMICServer: cloudflareCF-RAY: 8f6a403ade80421f-EWR
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dContent-EncodingHTTP/1.0deflate:
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://bugreports.qt.io/
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://bugreports.qt.io/1_q_preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.qbittorrent.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.qbittorrent.org.
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://doc.qbittorrent.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://doc.qbittorrent.orgUse
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D79FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qbittorrent.exe, 0000000B.00000002.2974667681.00000000049A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.B
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://forum.qbittorrent.org
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.2930761174.0000000000F13000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2263468482.0000000000F13000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: norton_secure_browser_setup.exe, 00000007.00000002.2931281756.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000000.2295441560.000000000040A000.00000008.00000001.01000000.0000000F.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2772684835.0000000006910000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2262929311.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314867549.0000000007B13000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931281756.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2369730401.0000000004A11000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2952436722.0000000005560000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2370303683.0000000005CF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D26000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2376070191.0000000004520000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.00000000041C7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D1B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2772684835.0000000006910000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2262929311.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2959765986.0000000005C3D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033A7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314867549.0000000007B13000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E31000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931281756.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2610004009.0000000003E6E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609875898.0000000003E32000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2369730401.0000000004A11000.00000004.00000020.00020000.00000000.sdmp, 
norton_secure_browser_setup.exe, 00000007.00000003.2369800742.0000000004A1B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2772684835.0000000006910000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2262929311.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2959765986.0000000005C3D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033A7000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E31000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931281756.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2998329304.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609875898.0000000003E32000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2369730401.0000000004A11000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2369800742.0000000004A1B000.00000004.00000020.00020000.00000000.sdmp, 
norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2998257277.000000000470A000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2772684835.0000000006910000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2262929311.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2959765986.0000000005C3D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2913653422.0000000005BC1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033A1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033A7000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E31000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2931281756.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2996786085.0000000004701000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2609875898.0000000003E32000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 
00000007.00000003.2369730401.0000000004A11000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2369800742.0000000004A1B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: norton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.coy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2913653422.0000000005BC1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314867549.0000000007B13000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2952436722.0000000005560000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2370303683.0000000005CF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://plugins.qbittorrent.org
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://searchplugins.qbittorrent.org/nova3/engines/
Source: saBSI.exe, 00000005.00000002.2937438476.0000000003441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/
Source: saBSI.exe, 00000005.00000002.2937438476.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: saBSI.exe, 00000005.00000002.2961349526.0000000005DED000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crtC:
Source: saBSI.exe, 00000005.00000002.2937438476.00000000033AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crtfH?
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2232263563.0000000004FF5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2261256419.0000000006915000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2913653422.0000000005BC1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: saBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com:80/cacert/codesigningrootr45.crtC
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.00000000045BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.00000000045BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.00000000045BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t2.symcb.com0
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcd.com0&
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: avg_antivirus_free_setup.exe, 00000006.00000002.2935346727.0000000005120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2318186166.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2939188637.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2318009814.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2326301330.00000000051E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/4
Source: avg_antivirus_free_setup.exe, 00000006.00000002.2935346727.0000000005120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/O
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2318186166.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2939188637.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2318009814.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2326301330.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2935346727.0000000005120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2769747107.0000000004FC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbdt
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A91000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd7b81be6a-ce2b-4676-a29e-eb907a5126c5
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/instal
Source: norton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_d
Source: norton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: qbittorrent.exe, 0000000B.00000002.2973204929.0000000001AA7000.00000004.00000001.01000000.00000018.sdmpString found in binary or memory: https://download.db-ip.com/free/dbip-country-lite-%1.mmdb.gz
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.db-ip.com/free/dbip-country-lite-%1.mmdb.gzAndorrayyyy-MMCouldn
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.go
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefoxextension.avast.com/aos/update.json
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7ACA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A53000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000C.00000003.2360178191.00000217D7AB7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000C.00000003.2360178191.00000217D7AA4000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000C.00000003.2360178191.00000217D7A98000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000C.00000003.2360178191.00000217D7A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/qbittorrent/qBittorrent/wiki/Anonymous-Mode
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/qbittorrent/qBittorrent/wiki/Explanation-of-Options-in-qBittorrent#Advanced
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.com
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768191278.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.000000000515C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2935346727.000000000515C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2627012862.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688500292.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2708643385.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2656544165.0000000003721000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2946377953.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2656308314.000000000370A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2710377045.000000000372D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2430840813.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2686557311.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573583786.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688854076.000000000371C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688970079.000000000372D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2369578044.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2370055808.000000000372D000.00000004.00000020.00020000.00000000.sdmpString 
found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2627012862.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688500292.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2708643385.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2656544165.0000000003721000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2946377953.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2656308314.000000000370A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2710377045.000000000372D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2686557311.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688854076.000000000371C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688970079.000000000372D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/Y
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2347943293.0000000003715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzmaD
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_setup.exe, 00000006.00000002.2935346727.000000000516F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.0000000005172000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.000000000517D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573736277.0000000003722000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573256039.0000000003722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8b56c3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2430840813.0000000003722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2370055808.000000000372D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/48c1/d01f/6234/48c1d01f6234e7c129b31a0c2388de0f102f718721fedf18edb
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707846904.0000000005C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf3414b79
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/aa90/1643/995c/aa901643995c786c0598ce59c6edc19d0202ef4a3a8a0cb0c1a
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2573583786.000000000372E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/e9e9/a93a/90fd/e9e9a93a90fdacb5677472fbfeb58dfcea5047e1d044cae69fe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707846904.0000000005C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f6c2/9c47/0a75/f6c29c470a756f71f14ad40453e27aa8e141bd3443b84483c73
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2315778591.0000000005186000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2940571364.00000000036A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8b
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpd.apache.org/docs/current/ssl/ssl_faq.html#aboutcerts
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000000.1678677343.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://libtorrent.org/single-page-ref.html#no_connect_privileged_ports
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://libtorrent.org/single-page-ref.html#piece_extent_affinity
Source: norton_secure_browser_setup.exe, 00000007.00000003.2328658239.000000000062D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: norton_secure_browser_setup.exe, 00000007.00000003.2328658239.000000000062D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: norton_secure_browser_setup.exe, 00000007.00000003.2328658239.000000000062D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: norton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000000C.00000003.2360178191.00000217D7A06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failed
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/p6
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/poU
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/polg
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/polic
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A96000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.761/updatefile.json
Source: saBSI.exe, 00000005.00000003.2528782221.0000000003429000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335319702.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2334118625.0000000003428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
Source: saBSI.exe, 00000005.00000003.2528782221.0000000003441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/kW
Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 00000005.00000003.2528782221.0000000003429000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2334118625.0000000003428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335566694.000000000342D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2336093670.000000000342A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 00000005.00000003.2336093670.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528782221.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335566694.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 00000005.00000003.2528782221.0000000003429000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2334118625.0000000003428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335566694.000000000342D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2336093670.000000000342A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 00000005.00000003.2336093670.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528782221.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335566694.0000000003441000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 00000005.00000003.2334118625.0000000003428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 00000005.00000003.2335992239.0000000005BC8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2336040810.0000000005BC8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2333280659.0000000005BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 00000005.00000003.2335319702.0000000003421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xmlD
Source: saBSI.exe, 00000005.00000003.2335319702.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xmlg
Source: saBSI.exe, 00000005.00000003.2336093670.000000000342A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1685742881.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#aio_threads
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#allow_idna
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#allow_multiple_connections_per_ip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#announce_ip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#announce_to_all_tiers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#announce_to_all_trackers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#checking_mem_usage
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#choking_algorithm
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#connection_speed
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#disk_io_write_mode
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#file_pool_size
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#hashing_threads
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#listen_queue_size
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#max_concurrent_http_announces
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#mixed_mode_algorithm
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#outgoing_port
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#peer_tos
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#peer_turnover
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#seed_choking_algorithm
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#send_buffer_low_watermark
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#send_buffer_watermark
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#send_buffer_watermark_factor
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#ssrf_mitigation
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#stop_tracker_timeout
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#suggest_mode
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#upnp_lease_duration
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#validate_https_trackers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consume
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756120981.0000000000A01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html$
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394051239.0000000005010000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2770395859.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html14857f2e130620004a/Q
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.ziptCF
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/p
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394344958.0000000006B44000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlp
Source: saBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2232981789.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: saBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlM
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.noip.com/remote-access
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.noip.com/remote-accesshttps://account.dyn.com/entrance/Dynamic
Source: norton_secure_browser_setup.exe, 00000007.00000003.2369730401.0000000004A11000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2369800742.0000000004A1B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D26000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004520000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.00000000041C7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D82000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D1B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.000000000420C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004C14000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.00000000030AC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.0000000004149000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2376070191.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000319B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004CE2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.000000000407C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.0000000003FFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.00000000075B1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/leg
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.00000000075D6000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2770395859.0000000005020000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A4B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A31000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.00000000075A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/6m
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394051239.0000000005010000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2770395859.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/SOR_A
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394051239.0000000005010000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/SOR_AJj
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/SOR_AM
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/SOR_AX
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/X
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.00000000076A1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/p
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.00000000076A1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/pr
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.000000000764D000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A4B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A31000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2773088748.00000000075A6000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2758636962.0000000002498000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2769747107.0000000004F74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/M
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/_BRW/images/1494/547x280/EN.pngowser_setup.ziptCF
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersf
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A96000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A96000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacyR
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1i
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.8.10/python-3.8.10.exePython
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org/donate
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org/donateExecution
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org/news.php
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768191278.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policyna
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768191278.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy~b
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1685742881.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

E-Banking Fraud

Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AE22050 lstrcpyW,lstrcpyW,lstrcmpW,lstrcpyW,lstrlenW,lstrcpyW,GetFileAttributesW,CreateFileW,GetFileSize,GlobalAlloc,ReadFile,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,GlobalFree,CloseHandle,StrStrW,StrStrW,StrStrW,StrStrW,GlobalAlloc,lstrcpynW,GlobalFree,CloseHandle,GlobalFree, \SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0 (copy) entropy: 7.99597518735
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1 (copy) entropy: 7.99668482326
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2 (copy) entropy: 7.99994992874
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0.zip (copy) entropy: 7.99597518735
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1.zip (copy) entropy: 7.99668482326
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2.zip (copy) entropy: 7.99994992874
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe File created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\installer.exe entropy: 7.99064522414
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\7daf5f50-70db-4ee8-9158-6e2b79f9080d entropy: 7.99982131586
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\a9695c8b-563a-4daa-858b-bb73662d6297 entropy: 7.99990414125
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\777c404c-9987-4f1c-afd9-3364494675f5 entropy: 7.99866005103
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\setupui.cont entropy: 7.99945456192
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\9f0fa647-744f-460e-880a-250c7ee05d00 entropy: 7.99949886139
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\54183570-af1f-4fd2-94c0-d8268835d497 entropy: 7.9999260316
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\83b4d0da-e585-4199-a868-cae94d89745b entropy: 7.99995124837
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Users\user\AppData\Local\Temp\{1F61E350-EF17-4D14-8C4F-9A4747F4F5F4}-NortonBrowserInstaller.exe entropy: 7.99995540187
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\setupui.cont entropy: 7.99945456192
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus_product.dll.lzma entropy: 7.99946367131
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99325569022
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus_product.dll.lzma entropy: 7.99990334673
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus_rvrt.exe.lzma entropy: 7.99325569022
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe File created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\aswOfferTool.exe.lzma entropy: 7.99980219406

System Summary

Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 7004, type: MEMORYSTR Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Program Files (x86)\GUT3C14.tmp, type: DROPPED Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: 8_2_0062C610 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: 8_2_0062FDD0 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: 8_2_0062C6D0 NtQueryInformationProcess
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe Code function: 5_2_00646220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6B0B9B40 GetFileAttributesW,CloseHandle,lstrlenW,lstrlenW,lstrlenW,GetFileAttributesW,CloseHandle,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrlenW,lstrcpyW,lstrcpyW,WTSGetActiveConsoleSessionId,CloseHandle,LoadLibraryW,LoadLibraryW,CloseHandle,LoadLibraryW,CloseHandle,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,DuplicateTokenEx,GetTokenInformation,GetTokenInformation,GetTokenInformation,CloseHandle,CreateProcessAsUserW,CloseHandle,CloseHandle,ShellExecuteExW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,AllowSetForegroundWindow,GlobalFree,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6f646b.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI65A3.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6f646e.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\6f646e.msi
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 006A8E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 00668650 appears 192 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 006A85BF appears 71 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 00631BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 006C4231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 006A8DFE appears 111 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 006A8713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: String function: 006AA3A0 appears 32 times
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: String function: 00618930 appears 52 times
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: String function: 00627650 appears 116 times
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: String function: 006281F0 appears 36 times
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: String function: 006B5E80 appears 41 times
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6932 -ip 6932
Source: Violated Heroine_91zbZ-1.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: installer.exe.5.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 23003272 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 845 datablocks, 0x1 compression
Source: sciterui.dll.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: goopdateres_th.dll.13.drStatic PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.13.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.13.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_ca.dll.14.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.14.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.14.drStatic PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: sciterui.dll.7.drStatic PE information: No import functions for PE file found
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000000.1678801610.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.2775217524.0000000002218000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 7004, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Program Files (x86)\GUT3C14.tmp, type: DROPPEDMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
Source: qbittorrent.exe.1.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal60.rans.bank.spyw.evad.winEXE@66/284@28/7
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040350D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF1A11E __EH_prolog3_catch_GS,__EH_prolog3_catch_GS,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,GetShellWindow,GetWindowThreadProcessId,OpenProcess,GetLastError,GetShellWindow,GetProcessId,OpenProcessToken,GetLastError,DuplicateTokenEx,GetLastError,CreateProcessWithTokenW,GetLastError,GetLastError,7_2_6AF1A11E
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_0062FF60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,8_2_0062FF60
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00EF52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00634C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00634C8E
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00635C1E CoCreateInstance,OleRun,5_2_00635C1E
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00655318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,5_2_00655318
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeMutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/roaming/qbittorrent/lockfile
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeMutant created: NULL
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpMutant created: \Sessions\1\BaseNamedObjects\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeMutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\cd07f9800328a494fb74de01e351abcd
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{B5665124-2B19-40e2-A7BC-B44321E72C4B}
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\d5f348929d1e1617a503f93a7ace6944
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2816:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6932
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeFile created: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /silent6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cookie6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /ppi_icd6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cust_ini6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Enabled6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxyType6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Port6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: User6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Password6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Properties6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /smbupd6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: enable6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: count6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: servers6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: urlpgm6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: server06_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: http://6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: https://6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: allow_fallback6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: installer.exe6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: {versionSwitch}6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: stable6_2_00EF52F0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: %s\%s6_2_00EF52F0
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ((visits.visit_time/1000000)-11644473600) AS vtime FROM 'visits' ORDER BY vtime DESC LIMIT 1;
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT %1 FROM %2 WHERE %3 = %4;
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT last_visit_date / 1000000 AS vtime FROM 'moz_places' ORDER BY vtime DESC LIMIT 1;
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT %1 FROM %2 ORDER BY %3;
Source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %1 SET %2 = %3 WHERE %4 = %5;
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT * FROM %1 WHERE %2 = %3;
Source: Violated Heroine_91zbZ-1.exeReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeFile read: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe
Source: unknownProcess created: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe "C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp "C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$10418,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /ga_clientid:19fb230f-7b30-4399-bcf4-24d721fda304 /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6932 -ip 6932
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{A27A3DC6-D2D4-478A-9CCF-B911701B2750}" /silent
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6932 -ip 6932
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av_slave_ep_63b86fed-aea9-4111-ad96-744efd95243c /slave:avg-av
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av-vps_slave_ep_a7fad2ef-b0bc-4eca-ba79-b29dd4a7a8de /slave:avg-av-vps
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp "C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$10418,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900
Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: version.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: wldp.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: profapi.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: dpapi.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: winhttp.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: mswsock.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: winnsi.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: webio.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: sspicli.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: schannel.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: msasn1.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: gpapi.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpWindow found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Run
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Violated Heroine_91zbZ-1.exeStatic PE information: certificate valid
Source: Violated Heroine_91zbZ-1.exeStatic file information: File size 14472936 > 1048576
Source: Violated Heroine_91zbZ-1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2370303683.0000000005CF7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.0000000004149000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2998557371.000000006AE2E000.00000002.00000001.01000000.00000014.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.00000000045BF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D26000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004520000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserCrashHandler.exe, 0000001A.00000000.2468093605.0000000000FBD000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2998771454.000000006AE63000.00000002.00000001.01000000.00000013.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2999522743.000000006B0C2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserCrashHandler64.exe, 0000001C.00000000.2470429729.00007FF674C0E000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.00000000041C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D82000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000002.2930761174.0000000000F13000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000000.2263468482.0000000000F13000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004D1B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.000000000420C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004CE2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000000.2318277248.0000000000714000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2952436722.0000000005560000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2930627127.0000000000714000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004C14000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.3000057348.000000006F6F6000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.0000000003156000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000000.2232981789.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2384465650.000000000407C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000331F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.00000000030AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2376070191.0000000004B96000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2356434387.00000000019A6000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2373090614.000000000319B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000030C4000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00672B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_00672B30
Source: Violated Heroine_91zbZ-1.exeStatic PE information: section name: .didata
Source: Violated Heroine_91zbZ-1.tmp.0.drStatic PE information: section name: .didata
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmetad
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmimed
Source: saBSI.exe.1.drStatic PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.1.drStatic PE information: section name: .didat
Source: installer.exe.5.drStatic PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.6.drStatic PE information: section name: .didat
Source: dump_process.exe.8.drStatic PE information: section name: .didat
Source: dump_process.exe.8.drStatic PE information: section name: _RDATA
Source: bug_report.exe.8.drStatic PE information: section name: _RDATA
Source: icarus.exe.8.drStatic PE information: section name: .didat
Source: icarus.exe.8.drStatic PE information: section name: _RDATA
Source: icarus_ui.exe.8.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.13.drStatic PE information: section name: _RDATA
Source: psmachine.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: _RDATA
Source: psuser.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.13.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.14.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A8DDB push ecx; ret 5_2_006A8DEE
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D7CFD push ecx; ret 5_2_006D7D12
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00F01396 push ecx; ret 6_2_00F013A9
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE267F6 push ecx; ret 7_2_6AE26809
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5F466 push ecx; ret 7_2_6AE5F479
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF06B10 push ecx; ret 7_2_6AF06B23
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF069B6 push ecx; ret 7_2_6AF069C9
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AEB66B5 push ss; retf 7_2_6AEB66B6
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006B5A4C push ecx; ret 8_2_006B5A5F

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u6_2_00EFA100
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_006AC0E0
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u8_2_006ABAA0
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_006ABD80
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{93d643dc-f504-42e2-ae1c-14b2e116db0c}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ja.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_zh-TW.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\psuser_64.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\sciterui.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_iw.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\{1F61E350-EF17-4D14-8C4F-9A4747F4F5F4}-NortonBrowserInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fr.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateComRegisterShell64.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_et.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\dump_process.exe
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sw.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_te.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateWebPlugin.exe
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdate.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\acuapi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\reboot.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sl.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ko.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pt-BR.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_es-419.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_no.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fil.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_kn.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_lv.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus_product.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sk.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\installer.exe
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_th.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_gu.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_de.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus_rvrt.exe
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus_mod.dll
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateSetup.exe
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateBroker.exe
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_es.dllJump to dropped file
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\bug_report.exeJump to dropped file
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeFile created: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\acuapi_64.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\jsisdl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\psmachine.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus_product.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\Midex.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\JsisPlugins.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\psuser.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\zbShieldUtils.dllJump to dropped file
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\thirdparty.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\AccessControl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\jsis.dllJump to dropped file
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00EF52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_00EF52F0

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 6_2_00EFA100
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_006AC0E0
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 8_2_006ABAA0
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_006ABD80
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00660540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,5_2_00660540
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: VBoxService.exe VBoxService.exe \VMware\VMware Tools \VMware\VMware Tools QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual BOCHS VBOX PRLS 7_2_6B0C0B40
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: VBoxService.exe VBoxService.exe 7_2_6B0C1840
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,7_2_6B0C0B40
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: norton_secure_browser_setup.exe Binary or memory string: DIR_WATCH.DLL
Source: norton_secure_browser_setup.exe Binary or memory string: JOEBOXSERVER.EXE
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000007.00000002.2999726801.000000006B0CC000.00000004.00000001.01000000.00000010.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: norton_secure_browser_setup.exe Binary or memory string: SBIEDLL.DLL
Source: norton_secure_browser_setup.exe Binary or memory string: API_LOG.DLL
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: norton_secure_browser_setup.exe Binary or memory string: SNIFF_HIT.EXE
Source: norton_secure_browser_setup.exe Binary or memory string: JOEBOXCONTROL.EXE
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe Binary or memory string: C:\MDS\WINDUMP.EXE
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe Binary or memory string: SYSANALYZER.EXE
Source: norton_secure_browser_setup.exe Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened / queried: C:\Program Files (x86)\VMware\VMware Tools
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe Code function: 8_2_0065E150 rdtsc 8_2_0065E150
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe Code function: 5_2_00634C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00634C8E
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse2168.tmp\AccessControl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse2168.tmp\jsis.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp TID: 6164Thread sleep time: -180000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp TID: 7116Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 5664Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe TID: 744Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1712Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 5580Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 3548Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-RB179.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B7010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,7_2_6B0B7010
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_00656F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_00656F60
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_0064E180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_0064E180
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_00654590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_00654590
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_00680AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00680AC0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00692782 VirtualQuery,GetSystemInfo,5_2_00692782
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-RB179.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extractJump to behavior
Source: norton_secure_browser_setup.exeBinary or memory string: VMware
Source: qbittorrent.exe, 0000000B.00000002.2974667681.0000000004939000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2323323952.00000000036BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: norton_secure_browser_setup.exeBinary or memory string: VBoxService.exe
Source: norton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWXt
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: qbittorrent.exe, 0000000B.00000000.2357172065.0000000001A71000.00000008.00000001.01000000.00000018.sdmp, qbittorrent.exe, 0000000B.00000002.2973042547.0000000001A83000.00000008.00000001.01000000.00000018.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@8"
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2318186166.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.2939188637.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2318009814.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2326301330.00000000051E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWyQ
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2322349943.00000000036D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:z
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528458421.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2286706083.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335319702.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.00000000051E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: saBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2320647666.00000000036D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:s%%
Source: norton_secure_browser_setup.exe, 00000007.00000003.2331227693.0000000003E31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.2940571364.00000000036A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{]
Source: saBSI.exe, 00000005.00000003.2528458421.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2286706083.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335319702.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW>vU~
Source: norton_secure_browser_setup.exeBinary or memory string: QEMU_
Source: norton_secure_browser_setup.exe, 00000007.00000003.2331227693.0000000003E31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}-$o
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768108482.0000000000AAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, I
Source: norton_secure_browser_setup.exeBinary or memory string: \VMware\VMware Tools
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2767969442.00000000036D2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Sending report, Status: 3 Data: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"Violated Heroine\",\"18\":\"\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\":\"2.40.1.8919\",\"15\":0,\"22\":\"Violated Heroine\",\"10\":1}"},\"6}\\brand\\PRFG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFI","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFK","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUC","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUI"],"cp":"https://www.avast.com/privacy","ctu":"https://www.avast.com/eula","ov":61,"cbfo":true,"pv":"1.32","v":3}},{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d 
-se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}3~
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2688500292.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2708643385.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2347943293.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2656308314.000000000370A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2573256039.000000000370A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2523169614.0000000003714000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2686557311.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2369578044.0000000003715000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2626740811.000000000370A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!
Source: qbittorrent.exe, 0000000B.00000000.2357172065.0000000001A71000.00000008.00000001.01000000.00000018.sdmp, qbittorrent.exe, 0000000B.00000002.2973042547.0000000001A83000.00000008.00000001.01000000.00000018.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0C0B40 CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,7_2_6B0C0B40
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_0065E150 rdtsc 8_2_0065E150
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C70B4 IsDebuggerPresent,OutputDebugStringW,5_2_006C70B4
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00645204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,5_2_00645204
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00634C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00634C8E
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006D7BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C5_2_006D7BC0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_00672B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_00672B30
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006BE8FE mov eax, dword ptr fs:[00000030h]5_2_006BE8FE
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C7C6A mov eax, dword ptr fs:[00000030h]5_2_006C7C6A
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C7CF2 mov eax, dword ptr fs:[00000030h]5_2_006C7CF2
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C7CAE mov eax, dword ptr fs:[00000030h]5_2_006C7CAE
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C7D23 mov eax, dword ptr fs:[00000030h]5_2_006C7D23
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00F07C5A mov eax, dword ptr fs:[00000030h]6_2_00F07C5A
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE25683 mov eax, dword ptr fs:[00000030h]7_2_6AE25683
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4FBBF mov eax, dword ptr fs:[00000030h]7_2_6AE4FBBF
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE514BE mov eax, dword ptr fs:[00000030h]7_2_6AE514BE
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5147A mov eax, dword ptr fs:[00000030h]7_2_6AE5147A
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFB75B4 mov eax, dword ptr fs:[00000030h]7_2_6AFB75B4
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFB7528 mov eax, dword ptr fs:[00000030h]7_2_6AFB7528
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AFA0835 mov eax, dword ptr fs:[00000030h]7_2_6AFA0835
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006F8F06 mov eax, dword ptr fs:[00000030h]8_2_006F8F06
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006F8F4A mov eax, dword ptr fs:[00000030h]8_2_006F8F4A
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006F35B7 mov ecx, dword ptr fs:[00000030h]8_2_006F35B7
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_0063463F GetProcessHeap,5_2_0063463F
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_006A9018
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006A93F2
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006AD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006AD453
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A9586 SetUnhandledExceptionFilter,5_2_006A9586
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00F010FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00F010FF
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00F01292 SetUnhandledExceptionFilter,6_2_00F01292
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00F013AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00F013AB
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00F04476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00F04476
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE26349 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6AE26349
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE2504A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE2504A
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE269A2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE269A2
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5F76F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE5F76F
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE4FCD2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AE4FCD2
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AE5F47B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6AE5F47B
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF07AD6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AF07AD6
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF07CDA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6AF07CDA
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6AF87181 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6AF87181
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0B58D0 lstrcmpW,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,7_2_6B0B58D0
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006DEE56 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_006DEE56
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006B5168 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_006B5168
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: 8_2_006B5C80 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_006B5C80
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0BB610 nsExecLogonUser,7_2_6B0BB610
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /ga_clientid:19fb230f-7b30-4399-bcf4-24d721fda304 /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{A27A3DC6-D2D4-478A-9CCF-B911701B2750}" /silent
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6932 -ip 6932
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6932 -ip 6932
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av_slave_ep_63b86fed-aea9-4111-ad96-744efd95243c /slave:avg-av
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av-vps_slave_ep_a7fad2ef-b0bc-4eca-ba79-b29dd4a7a8de /slave:avg-av-vps
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbk24uvqgfweetg2yrerbxxkfueik03xoghzfcwexygx8kx0ndqwiqxra4x2goh2xlwbda /cookie:mmm_irs_ppi_902_451_o /ga_clientid:19fb230f-7b30-4399-bcf4-24d721fda304 /edat_dir:c:\windows\temp\asw.637ee06e7bed0476
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum3c03.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{a27a3dc6-d2d4-478a-9ccf-b911701b2750}" /silent
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe c:\windows\temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-68886095-5cd9-4786-af02-863a3db48033\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbk24uvqgfweetg2yrerbxxkfueik03xoghzfcwexygx8kx0ndqwiqxra4x2goh2xlwbda /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe c:\windows\temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe /silent /ws /psh:92ptu5hwbbk24uvqgfweetg2yrerbxxkfueik03xoghzfcwexygx8kx0ndqwiqxra4x2goh2xlwbda /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av_slave_ep_63b86fed-aea9-4111-ad96-744efd95243c /slave:avg-av
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeProcess created: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe c:\windows\temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe /silent /ws /psh:92ptu5hwbbk24uvqgfweetg2yrerbxxkfueik03xoghzfcwexygx8kx0ndqwiqxra4x2goh2xlwbda /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av-vps_slave_ep_a7fad2ef-b0bc-4eca-ba79-b29dd4a7a8de /slave:avg-av-vps
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_6B0BA3A0 GetVersion,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,7_2_6B0BA3A0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A9215 cpuid 5_2_006A9215
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_006C45DA
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_006CC952
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_006CC907
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_006CC9ED
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_006CCA80
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_006CCCE0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_006CCE06
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_006CCF0C
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_006CCFDB
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,5_2_006A7E28
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_006C3F6D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE54278
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_6AE5439E
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_6AE54025
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE51164
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE53EFF
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE53EB4
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE53E0D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE53F9A
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AE544A4
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AE50C40
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,7_2_6AE53C12
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_6AE54573
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFBEA4D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_6AFBEB75
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFB2F18
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFBEC7D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_6AFBED50
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,7_2_6AFBE3C3
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoEx,7_2_6AF0637C
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFBE6D2
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFBE669
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_6AFBE7F8
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,7_2_6AFBE76D
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFBE5C0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,7_2_6AFB39CC
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wsprintfW,7_2_6B0B78C0
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrcpyW,lstrcpyW,wsprintfW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,7_2_6B0B7510
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: nsGetLocaleInfo,GetLocaleInfoW,7_2_6B0BE580
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_006FC039
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_006FC20E
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_006F86CD
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,8_2_006F8C33
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,8_2_006FB88F
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_006FBB37
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_006FBB82
Source: C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_006FBC1D
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\AVG_AV.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\AVG_BRW.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\finish.png VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe Code function: 5_2_006C4619 GetSystemTimeAsFileTime,5_2_006C4619
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AFF79B6 __EH_prolog3_GS,LookupAccountNameW,GetLastError,7_2_6AFF79B6
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_6AFB26E8 _free,GetTimeZoneInformation,_free,7_2_6AFB26E8
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: 6_2_00EF41B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,6_2_00EF41B0
Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp Process created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogram C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: norton_secure_browser_setup.exe Binary or memory string: C:\virus\virus.exe
Source: norton_secure_browser_setup.exe Binary or memory string: wireshark.exe
Source: norton_secure_browser_setup.exe Binary or memory string: C:\Kit\procexp.exe
Source: norton_secure_browser_setup.exe Binary or memory string: C:\virus.exe
Source: C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_XP
Source: norton_secure_browser_setup.exe, 00000007.00000002.2999109259.000000006B00E000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: j...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J
Source: norton_secure_browser_setup.exe, 00000007.00000002.2965863605.00000000033B2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J
ATT&CK matrix (tactic columns): Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Behavior Graph ID: 1580037; Sample: Violated Heroine_91zbZ-1.exe; Startdate: 23/12/2024; Architecture: WINDOWS; Score: 60

Source | Detection | Scanner | Label | Link
Violated Heroine_91zbZ-1.exe | 24% | ReversingLabs | Win32.Trojan.Generic
Violated Heroine_91zbZ-1.exe | 100% | Avira | HEUR/AGEN.1332558
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateBroker.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateComRegisterShell64.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateCore.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateOnDemand.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateSetup.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdateWebPlugin.exe | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\acuapi.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\acuapi_64.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdate.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_am.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ar.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_bg.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_bn.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ca.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_cs.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_da.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_de.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_el.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_en-GB.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_en.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_es-419.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_es.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_et.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fa.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fi.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fil.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_fr.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_gu.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hi.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hr.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_hu.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_id.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_is.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_it.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_iw.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ja.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_kn.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ko.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_lt.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_lv.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ml.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_mr.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ms.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_nl.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_no.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pl.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pt-BR.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_pt-PT.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ro.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ru.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sk.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sl.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sr.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sv.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_sw.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ta.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_te.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_th.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_tr.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_uk.dll | 0% | ReversingLabs
C:\Program Files (x86)\GUM3C03.tmp\goopdateres_ur.dll | 0% | ReversingLabs
No Antivirus matches
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://analytics.apis.mcafee.comsesaBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zippViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3avg_antivirus_free_online_setup.exe, 00000008.00000003.2688765353.0000000005C03000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2430840813.0000000003722000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://www.mcafee.com/consumer/en-us/policy/legal.htmlpViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2394344958.0000000006B44000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://bugreports.qt.io/qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpfalse
                                            high
                                            https://docs.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://www.python.org/ftp/python/3.8.10/python-3.8.10.exeViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/qbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000C.00000003.2360178191.00000217D7ACA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://libtorrent.org/single-page-ref.html#piece_extent_affinityViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    https://firefoxextension.avast.com/aos/update.jsonavg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://sadownload.mcafee.com/products/sa/bsi/win/binary/saBSI.exe, 00000005.00000002.2956869892.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2913653422.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914882208.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2409122897.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2522960363.0000000005BDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://www.mcafee.com/consumer/v/wa-how.htmlMsaBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://stats.securebrowser.comnsSetFatalTrackingUrlnorton.installer.fataleventnsAddFatalTrackingParnorton_secure_browser_setup.exe, 00000007.00000002.2954901836.00000000027B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://www.avg.com/ww-en/eula/en-us/Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2395249728.0000000005036000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2771018396.0000000005038000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://www.razer.com/legal/customer-privacy-policynaViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1768191278.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.remobjects.com/psViolated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1685742881.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                          high
                                                          https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zi#Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A91000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlsaBSI.exe, 00000005.00000003.2528782221.0000000003429000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528458421.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2334118625.0000000003428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335566694.000000000342D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528223416.0000000005BC4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2913653422.0000000005BC1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2523046575.0000000005BC3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2956869892.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915133433.00000000033C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2409122897.0000000005BCA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2336093670.000000000342A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2406263165.0000000005BC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://sadownload.mcafee.com/products/saLOCALAqHsaBSI.exe, 00000005.00000002.2937438476.000000000336E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://bugs.qbittorrent.org.badagentDynamicViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://d3ben4sjdmrs9v.cloudfront.net:443/zbd7b81be6a-ce2b-4676-a29e-eb907a5126c5Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000A91000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://www.innosetup.com/Violated Heroine_91zbZ-1.exe, 00000000.00000003.1684469311.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1682316918.0000000002630000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1685742881.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                            high
                                                            https://winqual.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://bugs.qbittorrent.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://analytics.avcdn.net:443/v4/receive/json/255/f6c29c470a756f71f14ad40453e27aa8e141bd3443b84483avg_antivirus_free_online_setup.exe, 00000008.00000002.2940571364.00000000036A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://stats.securebrowser.com/?_=1734976801131&retry_tracking_count=0&last_request_error_code=0&lanorton_secure_browser_setup.exe, 00000007.00000003.2609624908.0000000003E44000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.2995798653.0000000003E44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBIavg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.razer.com/legal/customer-privacy-policy~bViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1768191278.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2756536222.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1898522123.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1867337185.0000000000AA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://my.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.zhongyicts.com.cnqbittorrent.exe, 0000000B.00000002.2974667681.000000000497B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://docs.google.com/document/installwebapp?usp=chrome_dnorton_secure_browser_setup.exe, 00000007.00000002.2943171462.00000000005C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.ccleaner.com/about/privacy-policyuViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000C.00000003.2360178191.00000217D7A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-onqbittorrent.exe, 0000000B.00000002.2954356850.0000000001774000.00000002.00000001.01000000.00000018.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#avg_antivirus_free_setup.exe, 00000006.00000003.2314867549.0000000007B13000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.2952436722.0000000005560000.00000002.00000001.00040000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2370303683.0000000005CF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2437955078.0000000005F66000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2526563304.00000000060DC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2574423377.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2628913764.0000000005EBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xmlgsaBSI.exe, 00000005.00000003.2335319702.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xmlsaBSI.exe, 00000005.00000003.2528782221.0000000003429000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2334118625.0000000003428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2335566694.000000000342D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2336093670.000000000342A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://www.libtorrent.org/reference-Settings.html#seed_choking_algorithmViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avg_antivirus_free_setup.exe, 00000006.00000003.2318009814.00000000051E8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2326301330.00000000051E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://id.avast.com/inAvastiumavg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://chrome.google.com/webstorenorton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://shepherd.avcdn.netavg_antivirus_free_online_setup.exe, 00000008.00000003.2656974418.0000000005D2D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://drive-daily-2.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.avg.com/ww-en/privacy-us/DViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2395249728.0000000005036000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.2771018396.0000000005038000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.libtorrent.org/reference-Settings.html#listen_queue_sizeViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://crl.ver)svchost.exe, 0000000C.00000002.2969061863.00000217D7C00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://checkip.dyndns.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.opera.com/he/eula/computersViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://reasonlabs.com/policViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://sadownload.mcafee.com:443/products/SA/BSI/bsi_vars.xmlsaBSI.exe, 00000005.00000003.2335319702.00000000033C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://analytics.apissaBSI.exe, 00000005.00000003.2528782221.0000000003429000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.2937438476.0000000003427000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2915322188.0000000003426000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2528311551.0000000003421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2914989810.0000000003421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://drive-daily-1.corp.google.com/norton_secure_browser_setup.exe, 00000007.00000003.2319784461.00000000005F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://forum.qbittorrent.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2383842007.0000000008100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_setup.exe, 00000006.00000002.2935346727.000000000516F000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.0000000005172000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2314946294.000000000517D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2688021267.0000000005CFB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.mcafee.com/consumer/en-us/policy/legal.html$Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1769391037.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1768223267.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2394412245.0000000000A5E000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
65.9.108.213 | d3ben4sjdmrs9v.cloudfront.net | United States | 16509 | AMAZON-02US | false
104.20.87.8 | update.norton.securebrowser.com | United States | 13335 | CLOUDFLARENETUS | false
52.35.239.119 | mosaic-nova.apis.mcafee.com | United States | 16509 | AMAZON-02US | false
34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-ASUS | false
34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
18.161.108.224 | unknown | United States | 3 | MIT-GATEWAYSUS | false
                                                                                                                                      IP
                                                                                                                                      127.0.0.1
                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                      Analysis ID:1580037
                                                                                                                                      Start date and time:2024-12-23 18:58:04 +01:00
                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                      Overall analysis duration:0h 12m 50s
                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                      Report type:full
                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                      Number of analysed new started processes analysed:40
                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                      Technologies:
                                                                                                                                      • HCA enabled
                                                                                                                                      • EGA enabled
                                                                                                                                      • AMSI enabled
                                                                                                                                      Analysis Mode:default
                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                      Sample name:Violated Heroine_91zbZ-1.exe
                                                                                                                                      Detection:MAL
                                                                                                                                      Classification:mal60.rans.bank.spyw.evad.winEXE@66/284@28/7
                                                                                                                                      EGA Information:
                                                                                                                                      • Successful, ratio: 80%
                                                                                                                                      HCA Information:
                                                                                                                                      • Successful, ratio: 89%
                                                                                                                                      • Number of executed functions: 117
                                                                                                                                      • Number of non-executed functions: 161
                                                                                                                                      Cookbook Comments:
                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                      • Excluded IPs from analysis (whitelisted): 20.109.210.53, 2.22.50.131, 2.22.50.144, 40.69.42.241, 52.165.164.15, 172.217.19.206, 23.212.89.10, 20.12.23.50, 23.32.239.9, 2.19.198.34, 184.28.90.27, 23.193.114.32, 23.193.114.24, 20.42.65.92, 104.18.21.226, 104.18.20.226, 104.121.9.76, 2.16.168.105, 2.16.168.115, 13.107.246.63, 40.126.53.12
                                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, cdn.globalsigncdn.com.cdn.cloudflare.net, ccdn-wildcard.mcafee.com.edgekey.net, a1546.dscd.akamai.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, secure.globalsign.com, e11474.b.akamaiedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.google-analytics.com, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e9229.dscd.akamaiedge.net, s-honzik.avcdn.net.edgekey.net, a866.dscd.akamai.net, ctldl.windowsupdate.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, cdn-update.norton.securebrowser.com.akamaized.net, global.prd.cdn.globalsign.com, fe3.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloud
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                      • VT rate limit hit for: Violated Heroine_91zbZ-1.exe
Time      Type             Description
12:59:04  API Interceptor  9x Sleep call for process: Violated Heroine_91zbZ-1.tmp modified
12:59:59  API Interceptor  2x Sleep call for process: avg_antivirus_free_setup.exe modified
13:00:03  API Interceptor  2x Sleep call for process: svchost.exe modified
13:00:04  API Interceptor  8x Sleep call for process: avg_antivirus_free_online_setup.exe modified
13:00:04  API Interceptor  3x Sleep call for process: qbittorrent.exe modified
13:00:17  API Interceptor  2x Sleep call for process: NortonBrowserUpdate.exe modified
13:00:36  API Interceptor  2x Sleep call for process: WerFault.exe modified
13:00:59  API Interceptor  4x Sleep call for process: icarus.exe modified
18:00:14  Task Scheduler   Run new task: NortonUpdateTaskMachineCore path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/c
18:00:14  Task Scheduler   Run new task: NortonUpdateTaskMachineUA path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/ua /installsource scheduler
                                                                                                                                                                AMAZON-02UShttps://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                • 3.160.196.35
                                                                                                                                                                https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                • 108.158.75.55
                                                                                                                                                                https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                • 13.248.241.119
                                                                                                                                                                http://plnbl.io/review/FSUQBEfTfzwHGet hashmaliciousUnknownBrowse
                                                                                                                                                                • 54.192.107.121
                                                                                                                                                                NAnOVCOt4L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                • 185.166.143.50
                                                                                                                                                                fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                • 185.166.143.48
                                                                                                                                                                OtHVIQ2ge4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                • 185.166.143.49
                                                                                                                                                                fr2Mul3G6m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                • 185.166.143.49
                                                                                                                                                                ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                • 3.160.188.50
                                                                                                                                                                Payout Receipts.pptxGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                • 52.89.58.139
                                                                                                                                                                AMAZON-02UShttps://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                • 3.160.196.35
                                                                                                                                                                https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                • 108.158.75.55
                                                                                                                                                                https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                • 13.248.241.119
                                                                                                                                                                http://plnbl.io/review/FSUQBEfTfzwHGet hashmaliciousUnknownBrowse
                                                                                                                                                                • 54.192.107.121
                                                                                                                                                                NAnOVCOt4L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                • 185.166.143.50
                                                                                                                                                                fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                • 185.166.143.48
                                                                                                                                                                OtHVIQ2ge4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                • 185.166.143.49
                                                                                                                                                                fr2Mul3G6m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                • 185.166.143.49
                                                                                                                                                                ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                • 3.160.188.50
                                                                                                                                                                Payout Receipts.pptxGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                • 52.89.58.139
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                6fW0guYpsH.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                • 104.20.87.8
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exe | SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | malicious | Unknown
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exe | SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | malicious | Unknown
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exe | Lisect_AVT_24003_G1B_127.exe | malicious | PureLog Stealer
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exe | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | malicious | PrivateLoader, PureLog Stealer
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler64.exe | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | malicious | PrivateLoader, PureLog Stealer
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exe | SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | malicious | Unknown
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exe | SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | malicious | Unknown
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exe | Lisect_AVT_24003_G1B_127.exe | malicious | PureLog Stealer
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exe | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | malicious | PrivateLoader, PureLog Stealer
C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserCrashHandler.exe | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | malicious | PrivateLoader, PureLog Stealer
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):7854
                                                                                                                                                                                    Entropy (8bit):5.496456874482639
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:SgeV4RyNGSIgNGSzXReJ7aY7jMgDwzgs+Bd4C/Q/Bp:SF4kNGeNGkXRo2Y7jMgDBBd4C/Q/Bp
                                                                                                                                                                                    MD5:244813292683835DE4364EA83DF8B988
                                                                                                                                                                                    SHA1:324B2771673F457077A429CBB2EA45FD77096148
                                                                                                                                                                                    SHA-256:2943542061FEBD287049B82DD7AC529A68E34408172710C9B43549E3FA447D67
                                                                                                                                                                                    SHA-512:5FF3C03E691D1CECAF934DC718E3E17269277443698B71748658D4078B26732D5527A45E48746A57B35A242F68E5EB7C0413DB35CFEFFD288ACCA84417377C8B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:...@IXOS.@.....@.h.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{469D3039-E8BB-40CB-9989-158443EEA4EB}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\Norton\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\6
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):28
                                                                                                                                                                                    Entropy (8bit):3.5566567074628233
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:XVTKlUv:FTj
                                                                                                                                                                                    MD5:B9EA04357667FD46353CA3E48F346261
                                                                                                                                                                                    SHA1:CB35A329D04D990B937CB8C6C49ACC8D80AD45A3
                                                                                                                                                                                    SHA-256:FDF34D3C6716526200DFC4F81AD1CB1BFDA51EC9DB20C2C0E7CDD08C179A6DE3
                                                                                                                                                                                    SHA-512:5B07BA516C030BD3689F21939A2EEA417B603A9FA8BEBCF4D9BAED190B67E7784F1A0458A022450F5DDD99F6D9913BA45D2EB1DCE4E011842A5CB33B3695C93B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:28 mtime=1686233326.3398783.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):383232
                                                                                                                                                                                    Entropy (8bit):4.3682050352007735
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                    MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                    SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                    SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                    SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Joe Sandbox View:
• Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious
• Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):404480
                                                                                                                                                                                    Entropy (8bit):4.403596063022666
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                    MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                    SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                    SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                    SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Joe Sandbox View:
• Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, Detection: malicious
• Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):440608
                                                                                                                                                                                    Entropy (8bit):4.477495049012643
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                    MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                    SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                    SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):384296
                                                                                                                                                                                    Entropy (8bit):4.381583745540333
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                    MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                    SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                    SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                    SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):438592
                                                                                                                                                                                    Entropy (8bit):6.45992761938075
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                    MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                    SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                    SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                    SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):755696
                                                                                                                                                                                    Entropy (8bit):5.78064070271127
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                    MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                    SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                    SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                    SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):3.710330368678027
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                    MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                    SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                    SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                    SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):384808
                                                                                                                                                                                    Entropy (8bit):4.377706577325397
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                    MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                    SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                    SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                    SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1910576
                                                                                                                                                                                    Entropy (8bit):7.58137479903026
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                    MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                    SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                    SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                    SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):384808
                                                                                                                                                                                    Entropy (8bit):4.377540113876844
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                    MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                    SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                    SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                    SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):561456
                                                                                                                                                                                    Entropy (8bit):6.89287156869539
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                    MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                    SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                    SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                    SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):719056
                                                                                                                                                                                    Entropy (8bit):6.672324901238704
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                    MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                    SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                    SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                    SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1707520
                                                                                                                                                                                    Entropy (8bit):6.329347716504747
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                    MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                    SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                    SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                    SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.850152460164065
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                    MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                    SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                    SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                    SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):42944
                                                                                                                                                                                    Entropy (8bit):4.835542008183028
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                    MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                    SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                    SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                    SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.8691314938087595
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                    MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                    SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                    SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                    SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.936222804071481
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                    MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                    SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                    SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                    SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.655403186782661
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                    MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                    SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                    SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                    SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.69656607023198
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                    MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                    SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                    SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                    SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.656501839350111
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47080
                                                                                                                                                                                    Entropy (8bit):4.647516797051505
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.945276126044921
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.636317941438334
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.6565699525229025
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.646030612051221
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47080
                                                                                                                                                                                    Entropy (8bit):4.630177626115215
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.645463686029905
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                                    MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                                    SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                                    SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                                    SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.845272670813686
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                                    MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                                    SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                                    SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                                    SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.6596573287160785
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                    MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                    SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                    SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                    SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.640479522161056
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                    MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                    SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                    SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                    SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.662517782893104
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                    MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                    SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                    SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                    SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.923122510985089
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                    MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                    SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                    SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                    SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.8817065986468595
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                    MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                    SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                    SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                    SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.6636431303483
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                    MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                    SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                    SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                    SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.688666100525905
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                    MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                    SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                    SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                    SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.639484979051941
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                    MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                    SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                    SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                    SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.658477005342536
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                    MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                    SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                    SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                    SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.6324666300251005
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                    MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                    SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                    SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                    SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):42432
                                                                                                                                                                                    Entropy (8bit):4.854173056599383
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                    MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                    SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                    SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                    SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):41408
                                                                                                                                                                                    Entropy (8bit):4.883723947959775
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                    MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                    SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                    SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                    SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.954692594620765
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                    MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                    SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                    SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                    SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40896
                                                                                                                                                                                    Entropy (8bit):4.911833136088746
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                    MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                    SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                    SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                    SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.677692678096642
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                    MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                    SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                    SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                    SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.703009692113209
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                    MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                    SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                    SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                    SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48136
                                                                                                                                                                                    Entropy (8bit):4.926909967496055
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                    MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                    SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                    SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                    SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.898551846960824
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                    MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                    SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                    SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                    SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.652027629630858
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                    MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                    SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                    SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                    SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.64263735417891
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                    MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                    SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                    SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                    SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.660574455025035
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                    MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                    SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                    SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                    SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.699948735964885
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                    MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                    SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                    SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                    SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.66752824702996
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                                    MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                                    SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                                    SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                                    SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.646340111209961
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                                    MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                                    SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                                    SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                                    SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.668533720243672
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                                    MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                                    SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                                    SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                                    SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.876003031420293
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                                    MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                                    SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                                    SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                                    SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.69456859037089
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                                    MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                                    SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                                    SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                                    SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.657549160186828
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                    MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                    SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                    SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                    SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.872942179610346
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                    MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                    SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                    SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                    SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.664578663662526
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                    MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                    SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                    SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                    SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.694492393037756
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                    MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                    SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                    SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                    SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47080
                                                                                                                                                                                    Entropy (8bit):4.948448659499415
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                    MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                    SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                    SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                    SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.900098776782017
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                    MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                    SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                    SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                    SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.898585189301246
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                    MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                    SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                    SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                    SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.710217028647626
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                    MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                    SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                    SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                    SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.886468370762969
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.8564330106913625
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.771867334398084
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38816
                                                                                                                                                                                    Entropy (8bit):4.841517965818435
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38816
                                                                                                                                                                                    Entropy (8bit):4.854603942594096
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):519152
                                                                                                                                                                                    Entropy (8bit):6.796206581178465
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):396216
                                                                                                                                                                                    Entropy (8bit):6.6364472604888975
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):521784
                                                                                                                                                                                    Entropy (8bit):6.353157166068969
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):396216
                                                                                                                                                                                    Entropy (8bit):6.636012823818412
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                    MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                    SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                    SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                    SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):521784
                                                                                                                                                                                    Entropy (8bit):6.352828173572569
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                    MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                    SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                    SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                    SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    File Type:POSIX tar archive
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):11550720
                                                                                                                                                                                    Entropy (8bit):6.033044964444277
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:+aEmBopka2Rn0ttjsQlms7+oWD0/v+lzP+5ItO04rq7D0S8zpWwRFh4rH5EaFh4l:SpF2Rn0ttjt7+1I0RQcmiGYTGLB
                                                                                                                                                                                    MD5:0E16371DE9A96CAA60FFE3CCAFBC8343
                                                                                                                                                                                    SHA1:DFF8071D944CDE352DE9F34CCFE785F7DE1C3C0B
                                                                                                                                                                                    SHA-256:9DAB943357DBFEBD3F2AC522D9C4565E90EB8428A01248F7F1D68BFB75B5A416
                                                                                                                                                                                    SHA-512:28D6C511392E06CD0A4EB19573DF78A0E12215253D36ED10BB84AD70203A9204C1638AA836BD57AAD036D2BA6D31AB5F827AC60F81A1F4C26B89C56B25FC49CB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                    • Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: C:\Program Files (x86)\GUT3C14.tmp, Author: Seth Hardy
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):383232
                                                                                                                                                                                    Entropy (8bit):4.3682050352007735
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                    MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                    SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                    SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                    SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):404480
                                                                                                                                                                                    Entropy (8bit):4.403596063022666
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                    MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                    SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                    SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                    SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):440608
                                                                                                                                                                                    Entropy (8bit):4.477495049012643
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                    MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                    SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                    SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):384296
                                                                                                                                                                                    Entropy (8bit):4.381583745540333
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                    MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                    SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                    SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                    SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):438592
                                                                                                                                                                                    Entropy (8bit):6.45992761938075
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                    MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                    SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                    SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                    SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):755696
                                                                                                                                                                                    Entropy (8bit):5.78064070271127
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                    MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                    SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                    SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                    SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):3.710330368678027
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                    MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                    SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                    SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                    SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):384808
                                                                                                                                                                                    Entropy (8bit):4.377706577325397
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                    MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                    SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                    SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                    SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1910576
                                                                                                                                                                                    Entropy (8bit):7.58137479903026
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                    MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                    SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                    SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                    SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):384808
                                                                                                                                                                                    Entropy (8bit):4.377540113876844
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                    MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                    SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                    SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                    SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):372
                                                                                                                                                                                    Entropy (8bit):5.478078577161385
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/Un9fIrXzCu9MK34QL:hYXc4xXgqmeNs3Mq8M0/VHP9LIQL
                                                                                                                                                                                    MD5:40FB8F9D8A47D36B3C4BEE1F53A34CBD
                                                                                                                                                                                    SHA1:C3BB7C3512EC918FF387F6CC2F6423F9989681F2
                                                                                                                                                                                    SHA-256:CFDA394A483D1F6552D6A974D2A23730BAF0FE7AB08D6E022007E6CC9924384F
                                                                                                                                                                                    SHA-512:4C2A8A3298B4985FF34E4B98E897B106902411238D090FDFA20FC8673E285EFCDD752B9B3C64AB2CDD9A6AAC543BB65B9909B316136C0D94BFDA00136BE1E292
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7B2436EE44-C9FF-41E5-B07B-F9DE299AFB2E%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):561456
                                                                                                                                                                                    Entropy (8bit):6.89287156869539
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                    MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                    SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                    SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                    SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):719056
                                                                                                                                                                                    Entropy (8bit):6.672324901238704
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                    MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                    SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                    SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                    SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1707520
                                                                                                                                                                                    Entropy (8bit):6.329347716504747
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                    MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                    SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                    SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                    SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.850152460164065
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                    MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                    SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                    SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                    SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):42944
                                                                                                                                                                                    Entropy (8bit):4.835542008183028
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                    MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                    SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                    SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                    SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.8691314938087595
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                    MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                    SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                    SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                    SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.936222804071481
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                    MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                    SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                    SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                    SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.655403186782661
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                    MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                    SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                    SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                    SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.69656607023198
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                    MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                    SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                    SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                    SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.656501839350111
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                    MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                    SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                    SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                    SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47080
                                                                                                                                                                                    Entropy (8bit):4.647516797051505
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.945276126044921
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.636317941438334
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.6565699525229025
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.646030612051221
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47080
                                                                                                                                                                                    Entropy (8bit):4.630177626115215
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.645463686029905
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.845272670813686
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.6596573287160785
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                    MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                    SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                    SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                    SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.640479522161056
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                    MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                    SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                    SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                    SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.662517782893104
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                    MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                    SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                    SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                    SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.923122510985089
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                    MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                    SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                    SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                    SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.8817065986468595
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                    MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                    SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                    SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                    SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.6636431303483
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                    MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                    SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                    SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                    SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.688666100525905
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                    MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                    SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                    SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                    SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.639484979051941
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                    MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                    SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                    SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                    SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.658477005342536
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                    MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                    SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                    SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                    SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.6324666300251005
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                    MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                    SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                    SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                    SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):42432
                                                                                                                                                                                    Entropy (8bit):4.854173056599383
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                    MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                    SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                    SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                    SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):41408
                                                                                                                                                                                    Entropy (8bit):4.883723947959775
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                    MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                    SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                    SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                    SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.954692594620765
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                    MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                    SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                    SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                    SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40896
                                                                                                                                                                                    Entropy (8bit):4.911833136088746
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                    MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                    SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                    SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                    SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.677692678096642
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                    MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                    SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                    SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                    SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.703009692113209
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                    MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                    SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                    SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                    SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48136
                                                                                                                                                                                    Entropy (8bit):4.926909967496055
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                    MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                    SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                    SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                    SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.898551846960824
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                    MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                    SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                    SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                    SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.652027629630858
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                    MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                    SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                    SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                    SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46056
                                                                                                                                                                                    Entropy (8bit):4.64263735417891
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                    MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                    SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                    SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                    SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.660574455025035
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                    MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                    SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                    SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                    SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.699948735964885
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                    MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                    SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                    SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                    SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.66752824702996
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                                    MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                                    SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                                    SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                                    SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.646340111209961
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                                    MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                                    SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                                    SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                                    SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.668533720243672
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                                    MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                                    SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                                    SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                                    SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.876003031420293
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                                    MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                                    SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                                    SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                                    SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.69456859037089
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                                    MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                                    SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                                    SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                                    SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45544
                                                                                                                                                                                    Entropy (8bit):4.657549160186828
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                    MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                    SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                    SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                    SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.872942179610346
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                    MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                    SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                    SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                    SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.664578663662526
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                    MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                    SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                    SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                    SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.694492393037756
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                    MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                    SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                    SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                    SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47080
                                                                                                                                                                                    Entropy (8bit):4.948448659499415
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                    MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                    SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                    SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                    SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):46568
                                                                                                                                                                                    Entropy (8bit):4.900098776782017
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                    MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                    SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                    SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                    SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44008
                                                                                                                                                                                    Entropy (8bit):4.898585189301246
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                    MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                    SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                    SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                    SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.710217028647626
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                    MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                    SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                    SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                    SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.886468370762969
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                    MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                    SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                    SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                    SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45032
                                                                                                                                                                                    Entropy (8bit):4.8564330106913625
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                    MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                    SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                    SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                    SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):44520
                                                                                                                                                                                    Entropy (8bit):4.771867334398084
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                    MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                    SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                    SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                    SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38816
                                                                                                                                                                                    Entropy (8bit):4.841517965818435
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                    MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                    SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                    SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                    SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38816
                                                                                                                                                                                    Entropy (8bit):4.854603942594096
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                    MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                    SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                    SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                    SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):519152
                                                                                                                                                                                    Entropy (8bit):6.796206581178465
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                    MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                    SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                    SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                    SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):396216
                                                                                                                                                                                    Entropy (8bit):6.6364472604888975
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                    MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                    SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                    SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                    SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):521784
                                                                                                                                                                                    Entropy (8bit):6.353157166068969
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                    MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                    SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                    SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                    SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):396216
                                                                                                                                                                                    Entropy (8bit):6.636012823818412
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                    MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                    SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                    SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                    SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):521784
                                                                                                                                                                                    Entropy (8bit):6.352828173572569
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                    MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                    SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                    SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                    SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):440608
                                                                                                                                                                                    Entropy (8bit):4.477495049012643
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                    MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                    SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                    SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):142
                                                                                                                                                                                    Entropy (8bit):4.6897034288744655
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:RGVVss+KCw/B40deWY+mFVkV4FCvg3IKRHRoWnB6TewtAocv:Rnq/OB38VLg3IKw6B6Tjy3
                                                                                                                                                                                    MD5:A68F866E2F4C42F2EDD8D022B6EE3591
                                                                                                                                                                                    SHA1:5B8C5B9BB466EA2BDE573557C96D82C0226FD91C
                                                                                                                                                                                    SHA-256:78BC7EFED4F483A9750BF144AEC2134A69EFB9D57B58F253AD6CCA71967E3BA5
                                                                                                                                                                                    SHA-512:611A493DDFA00F6398703AFF13F6AC285D14350CB8F242BDA002D13503EB9806804F3A37C8B8410E4F46D014E07EE10BE68BAFA0E84BC2B99A2A0C3D6667F218
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.[2024-12-23 18:00:57.597] [info ] [burger ] [ 6648: 332] [8A4F0A: 55] Storage path was not set so neither stored events are read...
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (608), with CRLF line terminators
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):173748
                                                                                                                                                                                    Entropy (8bit):4.809116046891362
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:5TAaT84TH8lwlgoAyCHRspp1bDPSc+Xewl3wajNA01RYruibZzEIAJlIaWDOclmZ:c
                                                                                                                                                                                    MD5:9EA6ACCB21322CC77A69947C147B47D0
                                                                                                                                                                                    SHA1:353F19F9CE6543DCC1B5443343C26EFA4477AFFA
                                                                                                                                                                                    SHA-256:5BFC7521CAB3E2AAF1B77C558399227930ACEBD76070D35986226BC160FC7EA2
                                                                                                                                                                                    SHA-512:352DBE87D5DA9FEADF36582B8A23DF678F2CB01FCE07107D5A2B5EF0A75B6AEB2D0C1B9ED6D19B99BDE8F00EF6F61BE0A738E4C99EF659AD92267A2079A416DD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.[2024-12-23 18:00:37.225] [info ] [entry ] [ 6376: 6388] [231CAF: 39] Icarus has been started...[2024-12-23 18:00:37.225] [debug ] [settings_lt] [ 6376: 6388] [18C22A: 190] generic accessor for scheme registry set..[2024-12-23 18:00:37.225] [debug ] [event_rout ] [ 6376: 6388] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler..[2024-12-23 18:00:37.225] [debug ] [event_rout ] [ 6376: 6388] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler..[2024-12-23 18:00:37.225] [debug ] [event_rout ] [ 6376: 6388] [CECE0F: 49] Registering event handler for app.settings.PropertyChangedValue...[2024-12-23 18:00:37.225] [debug ] [event_rout ] [ 6376: 6388] [CECE0F: 49] Registering event handler for app.settings.PropertyChanged...[2024-12-23 18:00:37.225] [debug ] [event_rout ] [ 6376: 6388] [CECE0F:
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1466), with CRLF line terminators
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):13866
                                                                                                                                                                                    Entropy (8bit):5.552664788621108
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:RFGYPzjYwzpbC5Nlwe7OqbriurLAr2rwrgrNRraS8w:RFGW359e5Nln6ijIS8UHF8w
                                                                                                                                                                                    MD5:BAB0F9A598455EDB067B3191248861D6
                                                                                                                                                                                    SHA1:BB42D5031C031F2A637B3575EB20E2DEBDDD3717
                                                                                                                                                                                    SHA-256:35D5319B20931C36C9362C9B41E8F19A012A99FB76482EF7645D326A7C992680
                                                                                                                                                                                    SHA-512:17F6F519D6F9681ADCAF7221908E5120F90C0939A39F102CE45766B4B4DC9887857D4E9AF0AA52012D343A5350ADE73481653BC3AF81294AF0599149C6B8B37F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.[2024-12-23 18:00:00.022] [info ] [isfx ] [ 1028: 3444] [C7794E: 183] *** Starting SFX (24.12.8365.0), System(Windows 10 (10.0.19045) x64) ***..[2024-12-23 18:00:00.022] [info ] [isfx ] [ 1028: 3444] [C7794E: 184] launched by:'2836-C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe'..[2024-12-23 18:00:00.084] [debug ] [device_id ] [ 1028: 3444] [8A1DA9: 70] Storing the new fingerprint..[2024-12-23 18:00:00.225] [debug ] [isfx ] [ 1028: 2676] [3A3D94: 62] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"f7086796-9af3-49c1-aa5f-4c43e360678e","time":1734983852959},"setup":{"common":{"operation":"install","session_id":"19fb230f-7b30-4399-bcf4-24d721fda304","stage":"sfx-start","title":""},"product":{"name":"sfx"},"config":{"main_products":[{"product":"avg-av","channel":""}],"sfx_ver":"24.12.8365.0","trigger":"2836-C:\\Users\\user\\AppData\\Local\\Temp\\is-RB179.tmp\\prod1_extract\\avg_ant
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):278
                                                                                                                                                                                    Entropy (8bit):3.4584396735456933
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:Q9oPdKwo/e7nwY0ow+lGUlYlUlulnvm4HflKmaGHfltNv:QCFKwh7CaI/VJNKKHNX
                                                                                                                                                                                    MD5:B8853A8E6228549B5D3AD97752D173D4
                                                                                                                                                                                    SHA1:CD471A5D57E0946C19A694A6BE8A3959CEF30341
                                                                                                                                                                                    SHA-256:8E511706C04E382E58153C274138E99A298E87E29E12548D39B7F3D3442878B9
                                                                                                                                                                                    SHA-512:CF4EDD9EE238C1E621501F91A4C3338EC0CB07CA2C2DF00AA7C44D3DB7C4F3798BC4137C11C15379D0C71FAB1C5C61F19BE32BA3FC39DC242313D0947461A787
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:......[.P.r.o.x.y.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.i.z.a.t.i.o.n.=.0.....A.u.t.o.m.a.t.i.c.E.n.a.b.l.e.d.=.0.....C.o.n.f.i.g.U.r.l.=.....F.a.l.l.b.a.c.k.=.1.....P.o.r.t.=.8.0.8.0.....P.r.o.x.y.N.a.m.e.=.....P.r.o.x.y.T.y.p.e.=.0.....U.s.e.r.N.a.m.e.=.....U.s.e.r.P.a.s.s.=.....
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                    Entropy (8bit):5.110194402891696
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:rtRhSAdk2JM0RG0DKhSm0tRhtZZVjwOrADGq:ZRhZdk2JTDFnRhjrjhroZ
                                                                                                                                                                                    MD5:E682C2EC3F37C3DB79434728169DE3BD
                                                                                                                                                                                    SHA1:A6B398418C5DD6F26F8F12FAD0AD868F106B2012
                                                                                                                                                                                    SHA-256:7369A976CC1ABF1E9A4C71508F6F4166F63855EC6A52970D5F6E8F502853DE33
                                                                                                                                                                                    SHA-512:C1BFD35AD4B2EBD94B9E563A5FB37D6843662373DCC32479063692E0901F721C0CFB265E7FBB97EC8E2C6A4D5163B2457745486AB21A3D5C0295F6A9044E9632
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[ERR][20241223 14:57:24.325][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 476. Error 31..[ERR][20241223 14:57:53.819][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1310720
                                                                                                                                                                                    Entropy (8bit):1.307327699019329
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr4:KooCEYhgYEL0In
                                                                                                                                                                                    MD5:00ED3E3036DDD2F2C5487DD569353F95
                                                                                                                                                                                    SHA1:FF3B45DD492D0DA5AEA48D9C0171CEBECCA8D8DF
                                                                                                                                                                                    SHA-256:DB9BD27316B1524E2BDB0802D93507CB153F47B2A3AA2C2E2427DEF7E3D2D3FE
                                                                                                                                                                                    SHA-512:867930163EDFE9C388D3DDD7836FDDF49D3858969EA7B109246B8A72A8CB1940EF3B1FBD75A1A83E7E2E745E09D7B70C209320843B5DB5E39E694541EC4130B9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0xe8193191, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1310720
                                                                                                                                                                                    Entropy (8bit):0.42205353896880554
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:xSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:xaza/vMUM2Uvz7DO
                                                                                                                                                                                    MD5:D895CC6970C18B087DADBD2B46BA37EA
                                                                                                                                                                                    SHA1:5B3A1BDB69BBFB497DFDB985975CBE4D3E354A5B
                                                                                                                                                                                    SHA-256:2174D2A930DC4D4BED8B31D628FD6CCF9FCC52FF2809E5040EF00734F106A50D
                                                                                                                                                                                    SHA-512:C31CDFA12FA5CA5BC18701D623113F1AF5A701E63B3EB1231EF4ED59B9EBAA45E9BCC5CD0A02EA47A8471268C5E00EA3FFDED4C0DC70F9174E302A4BAA6B5072
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                    Entropy (8bit):0.07395063497501993
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:xzLmltEYeW9+xjn13a/BvCpZmlXallcVO/lnlZMxZNQl:1LdzyW53qcp0leOewk
                                                                                                                                                                                    MD5:84C50E91144F71C0AC2322C01441F472
                                                                                                                                                                                    SHA1:A61B7A59ACDBCDEFD23BEC08D84C82E5008EBE75
                                                                                                                                                                                    SHA-256:6AF1AF3A6DF26CF6AF1F8B1C9F8ADB70FE8A950297CB5A6C7AD10A74FD75A1B8
                                                                                                                                                                                    SHA-512:ECED2BCF1A3F638D6F0B527FF0A58C0045AA43E03E8E189FE1ABAF4854B1382EAC5AEEC00F0E99C5F80B8ABFDC4C68C893B47982D0B18B16B16718BF04616980
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):1.3832353974925384
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ARaJurL0/kuIjetO3TURm0HdzuiF7Z24IO80:vJurY/kuIjnUR79zuiF7Y4IO80
                                                                                                                                                                                    MD5:481FC893FDD54FC9787FB63BF2F83445
                                                                                                                                                                                    SHA1:97433FA2450D78E95488B8C504F9FCAF155EA318
                                                                                                                                                                                    SHA-256:92E3AFB54F128150A18A23BE0E9B293CEA15B2166F3D66A02DFCD924373745AF
                                                                                                                                                                                    SHA-512:AAEF5FDB5FE62A598D4177D1F084620C7F04A3E536AE3B59864271BABA25EB9471EDCC7F67C36706873643A9AAAA56CC3E295C4F6765127E55182E7F9B37BCC6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.5.0.4.3.7.3.2.8.2.7.4.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.5.0.4.3.7.8.7.5.1.4.3.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.5.f.4.5.8.5.-.3.7.c.5.-.4.b.6.5.-.8.e.8.0.-.a.5.c.a.d.5.a.1.0.8.9.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.4.5.3.8.8.6.9.-.7.7.e.8.-.4.5.c.2.-.8.6.7.5.-.c.3.e.9.9.1.1.d.7.4.a.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.V.i.o.l.a.t.e.d. .H.e.r.o.i.n.e._.9.1.z.b.Z.-.1...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.1.4.-.0.0.0.1.-.0.0.1.4.-.b.a.0.2.-.f.d.5.5.6.4.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):1.3826775739006418
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:72OJug30XFyIjetO3TURm0HdzuiF7Z24IO80:7/JugEXFyIjnUR79zuiF7Y4IO80
                                                                                                                                                                                    MD5:459CD53834FF43AB1F47FB936C15EE6F
                                                                                                                                                                                    SHA1:1D415DF09D38A30ACD3F52CCC222E4B1D2342D2B
                                                                                                                                                                                    SHA-256:5C834B5C3FFD62F5A6CC00FCE3B7C5756C4CC3CF9AE666943C62D55562E2C96C
                                                                                                                                                                                    SHA-512:72E91F4D91150321BF5D16DCF90F0C689C7A3607D493B5EDAC0708B4A0DFB53CDD1CE7B6EFDF196AD3D577D57B43EF1089F681AE45D4EA02F459C87C099183AC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.5.0.4.1.0.2.3.7.6.8.3.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.5.0.4.1.0.9.2.5.1.8.4.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.c.4.9.4.6.0.-.1.1.2.e.-.4.5.7.0.-.8.5.6.2.-.2.4.a.8.a.6.5.c.f.1.9.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.8.9.8.8.c.b.d.-.0.3.2.8.-.4.0.8.8.-.b.6.a.b.-.4.b.9.2.b.f.8.c.2.6.d.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.V.i.o.l.a.t.e.d. .H.e.r.o.i.n.e._.9.1.z.b.Z.-.1...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.1.4.-.0.0.0.1.-.0.0.1.4.-.b.a.0.2.-.f.d.5.5.6.4.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 18:00:10 2024, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):124508
                                                                                                                                                                                    Entropy (8bit):2.223783047102746
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:3kdmDqGb1+mS33Yd8iaRwtaQUgV6QH71p:0dYjSH6WwtaQU4t71p
                                                                                                                                                                                    MD5:656F61956D5CE54DE30000F41694F42A
                                                                                                                                                                                    SHA1:C4AE9B4D319B70688C8572220FF0A9EE6461F0CE
                                                                                                                                                                                    SHA-256:31B61B7310664D9B3975030473C44D7E8C6CAD80EC5B8634C0027447395F7BA6
                                                                                                                                                                                    SHA-512:6A0DCA22B3A1B69FF23130123CDB1895202A6B5A7806B16D350170596A19064819259288DA60089CEA20D5FB65E458B09A19D9C660211A21146319C1B2E52A0D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8454
                                                                                                                                                                                    Entropy (8bit):3.7008082340497688
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:R6l7wVeJVO6jyyb6YU2T6ywigmftb/prW89bM3sf8km:R6lXJs6eyb6Y1T6vigmftbdM8fm
                                                                                                                                                                                    MD5:48A8287A594804EA217849906D565068
                                                                                                                                                                                    SHA1:D007F93A0B6BEAD8469D94B24E6E594492115662
                                                                                                                                                                                    SHA-256:C25FD86CC73AFCB1B25F747F5706131F0F4D4B6EC5CCB81C06A9C2C93DA33790
                                                                                                                                                                                    SHA-512:F61CD50253CF326DDFDCF57E4324A1702955279336CD671545F25A90B7A9E2B4BF89F3E13CECE758F81F5592BB15884BF652A41582FE0FEEF2FBCC6183F64336
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4799
                                                                                                                                                                                    Entropy (8bit):4.473520256458075
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwWl8zs+Jg77aI9X8WpW8VYVNYm8M4JWXN+XjFZ4+q8TXUXLLRVvYod:uIjf0I7V17VzJWXwXskXUXnRVvYod
                                                                                                                                                                                    MD5:E8055EBB0FCE95C595AF177630F5CF18
                                                                                                                                                                                    SHA1:0C015F40C9CB03B3D9149EF8D6350EA1EF41B3AE
                                                                                                                                                                                    SHA-256:9146263C34194E5F845D4186A7A411B2FAC47D4287E17362C4DE06994D6FDCF6
                                                                                                                                                                                    SHA-512:4EE02044642F61D1B86CC1E2F3E380F1700FCEF1CAC83F0AD0DE617BC1379D0E22634DA56C0D50E9BF2FE9C8A64F7B60295D82D9B68DC26DC78D33C1A75ED925
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):82402
                                                                                                                                                                                    Entropy (8bit):3.1121067868889463
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:vpVEYiZP0cI9W7/bINFg+tF2bPf0ZtcIAOyDoUE1s4hj:hjiZP0cI9W3AFgqF2bn0gIAOykUsVj
                                                                                                                                                                                    MD5:803073F5E8E789007C8473AFE22E2AF7
                                                                                                                                                                                    SHA1:B89F0F92789F273B0A7648ED0B33044F6AE093D9
                                                                                                                                                                                    SHA-256:7DAF3BF31639AC46B0386FF0A78F90EB77B071527925EFCA743BBCFFC9527379
                                                                                                                                                                                    SHA-512:18A23E3C29B87CE797F23723D89E8788AC2FF7F3B4B338FB675D7C6AE05E7291B2019522DF7E25B543985AAA8D706BC3F3563512D35B74C1CB07E62B2797774A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13340
                                                                                                                                                                                    Entropy (8bit):2.6880369187235433
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:TiZYWU8RUa5xY2YLW7QH7YEZqbtKi9IrgvwlRTNat7OabMcXXICR3:2ZDlvRBQ1NaZOabMcX4CR3
                                                                                                                                                                                    MD5:6EA064785B958E023E413AABEE5533E5
                                                                                                                                                                                    SHA1:B09BB99D281794D9E446BAF2673D510D570AC7C7
                                                                                                                                                                                    SHA-256:05BB732F620DB1CADFA629B193ECDAC32EEA7F7C9A4C42C7B0E0F310B9610D4A
                                                                                                                                                                                    SHA-512:4052290760072EAE83B6BCEA990D8C56FDEE7D2FB1A8E83E6579EEB69D924CAE34460818C53387A6224AEA2E81BF303544410F96387FC6DFACD55D9F647F2D4D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 18:00:37 2024, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114140
                                                                                                                                                                                    Entropy (8bit):2.2700382964588193
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:h+vcEq0naBSgnGb1ERmoZhXEBIiIbbdxsFBH/slfSmc9rODV2Ou1XMA8vI0UJj3:h5fSSGb1+mofEBItmufHyrD7
                                                                                                                                                                                    MD5:2198A40587A650274D1984381385691B
                                                                                                                                                                                    SHA1:EF514DBBE442CD7AE2B3A329375ACC2E9B88CE6A
                                                                                                                                                                                    SHA-256:65EE41F1E2A461ACF34730B298A9204327537844431D935641ABDDC87D2D5F62
                                                                                                                                                                                    SHA-512:A0829936DBA23D88FCE8CD45C53987D341B53721B82403CFD84387C99ADFA26DC067002EF7A6217D88D032C7AE8E0932441A80252A7148517555BD2DD1C18541
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8446
                                                                                                                                                                                    Entropy (8bit):3.7026490602572015
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:R6l7wVeJV5j6jjTvA6YUDK6ywigmfp4D/pDRC89bh3sfQyLm:R6lXJTj6nTvA6YOK6vigmfpUj7h8fu
                                                                                                                                                                                    MD5:85FE400E2999E645B2A47034ABB13341
                                                                                                                                                                                    SHA1:1AC5A7694C0E299DA37CA95B024F46B560FC64DB
                                                                                                                                                                                    SHA-256:75E28BBA4E2E7B93884C92468BF98E121E7CFB4091A336910B13153C922A68B8
                                                                                                                                                                                    SHA-512:D6B2E94EE0095BA429E720583E7C61AB855DE8CF6BC1146C7E15BBA25CD210EE929EC8B3AB0DBDF6BE7EF43ACE2D8A6970F16239F2E11D2359101B5D74127F44
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4799
                                                                                                                                                                                    Entropy (8bit):4.4745094280057085
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsVJg77aI9X8WpW8VYZYm8M4JWXN+XtFMVk+q8TXUXFLRVvYod:uIjfvI7V17V1JWXwXUVkkXUXRRVvYod
                                                                                                                                                                                    MD5:1EE43F5EC594401109AA219A568CF211
                                                                                                                                                                                    SHA1:146EE095F7F1DCE415751D2BE883F01E46E24F60
                                                                                                                                                                                    SHA-256:2452309B5B05BB3CA752634BE05FBBA1C2397016A83820E25A919BED9D204C07
                                                                                                                                                                                    SHA-512:D7261E49D4C6DE43AE793FAC5076D4759359E57B18D7087C013009D7A3DE7175F43D8CF46014A8D32F25961BDF3DB200995072E9629E7F474F73E645DAAC358A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):84708
                                                                                                                                                                                    Entropy (8bit):3.110036200176744
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:1mNAhh3HZJlgaTTN6INCXEu2AHxyAOyDoUMrJP24yTyw:sN6HZJl/TUACUu2agAOykUyJPgew
                                                                                                                                                                                    MD5:8AC46D40858E6C2A619D47AA6A78601A
                                                                                                                                                                                    SHA1:E2A26994FB5BC01A599D608B32C627D1356E5C23
                                                                                                                                                                                    SHA-256:B25AF3C2A817B4D915C0971423582B1A05B66AD442F3F30F2A316FA789D1831B
                                                                                                                                                                                    SHA-512:4F4ABA9733019BA4FCAB42A90D6FB364C52A2C29982537A05A6E59273EFA67D7E46F34FCC61ED6A766873EFFED6E690F0A3B6DFB2CE445B0189D13FB64C2A2CF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13340
                                                                                                                                                                                    Entropy (8bit):2.68843920451557
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:TiZYWYfw+6IY1YxWHHzYEZ14tKieIlg5wMda1aZOa2MIcYHeI2RR3:2ZDdIyLFyaZOa2MIcYHpeR3
                                                                                                                                                                                    MD5:FED19D4CCE663A79EC90D4209F38B589
                                                                                                                                                                                    SHA1:64FBBA32870619DF5AB42844372912F9D00C0DCA
                                                                                                                                                                                    SHA-256:5AE6C9540D56CBF6A76B9FF7932B839FF1DEC62D44B111C91B2AEF28264132E1
                                                                                                                                                                                    SHA-512:1C70B3BE049BB374805549BF45F1A71BF22085437F0A635540F9130B8EB02F1D586C049DBDE2C49B88B5C4A643F9FE61C0061B3850A3B4D3E51D4C47AC50E0A5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1128
                                                                                                                                                                                    Entropy (8bit):3.874645399558201
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:V98uCZFdOP5DcQpswzftENF7fVoQTOXV3fU1j4NXBpOG0OZnWMayE/j9IF:V98ui/sjpRDSbfVHTGV3fa0NXn3kMayN
                                                                                                                                                                                    MD5:DCAF18DCA58F3604D575ED23E919273A
                                                                                                                                                                                    SHA1:E9DE81026E9E3FB2B7FFE5ADD5544E56E85A038C
                                                                                                                                                                                    SHA-256:0060BB629D33A636D67F880594D9DAA1182A5DFD8424374F775C069E9C43B623
                                                                                                                                                                                    SHA-512:5A410089DB5C58A30C38F2BFDC3798033E55F2146EB17F034395E12F270B5045A604ABEA5A78DA756C6AFD6C903B54360BCD983B755B1571C0C29A3051882C5D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                                    Entropy (8bit):2.8651688987017083
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:7lDdlSklVfFSljG+gQhQI1hn:NnFSliNQ2I7
                                                                                                                                                                                    MD5:1E7B8F468A4CC83DB131B1CCAA0CC3F7
                                                                                                                                                                                    SHA1:7B38CCEB819D0AC8A31379DCE9B850470ED55B5A
                                                                                                                                                                                    SHA-256:3ED3040581AA312E0FCDAD3E870BFE44A35D3F6646CBE1A768A4BCA49668C1EA
                                                                                                                                                                                    SHA-512:3EBA69C9EB5FD2BC29A41DA8A2E74003CC39EA0B762A31D9EFCC7314AFC0AD6138893D0C089A927E3D22ED15EDE17530A6F0AFAD8140E1EAF1D7C44A04CBA109
                                                                                                                                                                                    Malicious:false
Preview:EA2738CA0C4FAA3AC7F95E5DB6097DFD
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                    Entropy (8bit):2.872681771344152
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:jlRllRlo+4LclTM/duFin:jJ+HQl4MFi
                                                                                                                                                                                    MD5:7F5618D09D0A4AD1EAA89655C55A7091
                                                                                                                                                                                    SHA1:7124805CB5D8DE8CF185FC51ECCB0FCCD4A1274F
                                                                                                                                                                                    SHA-256:02FF7C0A36DB8F646CB3F276DD8D219C881BD9DE37023CDE484ACE333CB30056
                                                                                                                                                                                    SHA-512:17ED7AD333B269C357516E03E2C99DFA59C549119ECCB771952C8C30EE4B28ACA9FF2F082A4EB99C857EB41C50E9E6A890628A07DA57A1820EE672977AC5E92C
                                                                                                                                                                                    Malicious:false
Preview:531b5318-f1b7-4b75-9a46-63ded7864c83
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):53151
                                                                                                                                                                                    Entropy (8bit):7.982330941208071
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                    MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                    SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                    SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                    SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47501
                                                                                                                                                                                    Entropy (8bit):7.9807583617034075
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                    MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                    SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                    SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                    SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6144
                                                                                                                                                                                    Entropy (8bit):4.720366600008286
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                    MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                    SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                    SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                    SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2444
                                                                                                                                                                                    Entropy (8bit):7.881258656866732
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:/Cw1dpDYxwCWOVhQJqdZq4Q3TGaTmdTBZB31HqucFOpZ:/Cw1fk+OVhQqdZvQ3TGBjlH/
                                                                                                                                                                                    MD5:8303E7651CBD01CC413B0026ED537E6F
                                                                                                                                                                                    SHA1:85542365101CB85656F018CA63C894C3C56F1C01
                                                                                                                                                                                    SHA-256:696782A8DA306783593128B669F9E2C709030FDE555BB2703244E81CE17A31AD
                                                                                                                                                                                    SHA-512:11A3D9EAF8413600AC2636A1B18DCDFBF8BAA05ED7DE60AF300BC34B709DECB78D87C51F3C35484FCE7A803F7370CA45C105C0FC3066A6D6BFE702F253C36228
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2298
                                                                                                                                                                                    Entropy (8bit):7.901998893489053
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:KqqJYpZPlBqNTopskOg2btpLDCxGBVUQJCEVgvt4E5JUl2uW6:Kq6Y7t8GCPg2f9V/kJa2u
                                                                                                                                                                                    MD5:1BDB17B59DD0FC8360B30C5CE46762A0
                                                                                                                                                                                    SHA1:70CD6AD40F2BB14822FF1DCA766BCE6B02AAA8D8
                                                                                                                                                                                    SHA-256:49911E40F4E80C8342524034A6A96907703EF9EF4ABDB6175AD6F93824DF6CBE
                                                                                                                                                                                    SHA-512:2684FE9F5DF2AC2783B6413572715E4BCCBC771590686E75FCCC80733990E68FBE468E0FB0AF78B03DB4CCD6277028564CC8CCF91DB5E65122F06FF80F20432E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):47501
                                                                                                                                                                                    Entropy (8bit):7.9807583617034075
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                    MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                    SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                    SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                    SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5627506
                                                                                                                                                                                    Entropy (8bit):7.999949928735462
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                    MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                    SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                    SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                    SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):527389
                                                                                                                                                                                    Entropy (8bit):7.995975187354872
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                    MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                    SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                    SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                    SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):125405
                                                                                                                                                                                    Entropy (8bit):7.996684823256823
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                    MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                    SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                    SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                    SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):53151
                                                                                                                                                                                    Entropy (8bit):7.982330941208071
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                    MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                    SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                    SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                    SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):527389
                                                                                                                                                                                    Entropy (8bit):7.995975187354872
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                    MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                    SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                    SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                    SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):23918680
                                                                                                                                                                                    Entropy (8bit):7.990645224140664
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:393216:PyviTGPqMd2s5jqwcJFOM75FbVgmaccebfTBRL7WIJDFX6ZeplPVGUI4uK:aaAv5jq9O657x9+IJZ22PRI4uK
                                                                                                                                                                                    MD5:7DD0FAA9C00391333B2A12D21CA028BF
                                                                                                                                                                                    SHA1:2987248DB6382971D36F80EA45C0EE654C672CD4
                                                                                                                                                                                    SHA-256:E4B5817742A53DCCC24CD2A266223045D03DA537B815CB03B782D4E6BAED5020
                                                                                                                                                                                    SHA-512:CE700D9F59800C5A440D6DAFB1844F60B793B254A2186CC3B39654C9341AC7EAAC31D4A3F97B202AD40D17AAB21D6B3F277E38179237996D617A8968DCD164C4
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1184128
                                                                                                                                                                                    Entropy (8bit):6.623147525519113
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                                    MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                                    SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                                    SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                                    SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):125405
                                                                                                                                                                                    Entropy (8bit):7.996684823256823
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                    MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                    SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                    SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                    SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):234936
                                                                                                                                                                                    Entropy (8bit):6.580764795165994
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:y2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh3K0Ko:y0KgGwHqwOOELha+sm2D2+UhngNdK4d
                                                                                                                                                                                    MD5:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                    SHA1:6CA3FE45B3CCD41B25D02179B6529FAEDEF7884A
                                                                                                                                                                                    SHA-256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
                                                                                                                                                                                    SHA-512:2426E54F598E3A4A6D2242AB668CE593D8947F5DDB36ADED7356BE99134CBC2F37323E1D36DB95703A629EF712FAB65F1285D9F9433B1E1AF0123FD1773D0384
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5627506
                                                                                                                                                                                    Entropy (8bit):7.999949928735462
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                    MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                    SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                    SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                    SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5727368
                                                                                                                                                                                    Entropy (8bit):7.987929042344586
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:BiykuiGAGbjNHbd5lbDK4pdfAstezXYCvzV:BiyKGBZhKEmyezIUR
                                                                                                                                                                                    MD5:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                    SHA1:BBCEEF9812A3E09D8952E2FE493F156E613837B2
                                                                                                                                                                                    SHA-256:5AE1ACF84F0A59FA3F54284B066E90C8432071ACE514ACCB6303261D92C6A910
                                                                                                                                                                                    SHA-512:BA271257C0DBFBFD63685449A5FA5EA876B31C4F1898F85AA1BE807F1E31846D12F2162F715FC320FB014D31C15501EA71FE73B3C981E201BFA1A448FF54745C
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):23891968
                                                                                                                                                                                    Entropy (8bit):7.236497962515903
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:393216:NKsbm0ApvEqrGtYHviInnmC0dGpZFE6ZFERnsW4j2SDXdfD5X3vcMiWqMDi49QLu:hqr8NInmCgltTSDX59RidMm4uu
                                                                                                                                                                                    MD5:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                                    SHA1:2913C78BCAAA6F4EE22B0977BE72333D2077191D
                                                                                                                                                                                    SHA-256:3CEC1E40E8116A35AAC6DF3DA0356864E5D14BC7687C502C7936EE9B7C1B9C58
                                                                                                                                                                                    SHA-512:88D90646F047F86ADF3D9FC5C04D97649B0E01BAC3C973B2477BB0E9A02E97F56665B7EDE1800B68EDD87115AED6559412C48A79942A8C2A656DFAE519E2C36F
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2060288
                                                                                                                                                                                    Entropy (8bit):6.6115241916592735
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:ewyBp/wFOX9xRo3HVCEd2ynjsfAXBpAK0A8BFuXJFotKLCs:eRDwIN3o3UEd2ynjsoRpAK58BFuXE
                                                                                                                                                                                    MD5:59D3C3A9180BA792AE2DAD18B6903CDE
                                                                                                                                                                                    SHA1:C8CD105D3A0E99A54D1D16F0D1F60000FA3DCA8A
                                                                                                                                                                                    SHA-256:DD01EDBD4368EF227693723C5E427A48B264CB57BBD07D81210D6E633E0B1B2E
                                                                                                                                                                                    SHA-512:D6B6358E5108654931FCB3B7920DF65C4AE65D48F9EA012C3F821BB571F821E815D86FEAB85CD55A8CE767F2F7342A512E55D03EE4041AC0BAF4FF13AD238699
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3025328
                                                                                                                                                                                    Entropy (8bit):6.402833519549322
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:9LJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvf9:jwSi0b67zeCzt0+yO3kSn
                                                                                                                                                                                    MD5:B1F49F39D06B2CFDF18C9C19DAAA4C4F
                                                                                                                                                                                    SHA1:109E6357F3496D5154988B6342EA507C0D794C23
                                                                                                                                                                                    SHA-256:9DE623B5AA1F083A1B86983A088BEC40F204A1FAD0230B418B9AE139CDCEE5CA
                                                                                                                                                                                    SHA-512:CE10F09E5EB278B4CA049D7AF198E67051260AA8636BC612F2B1A0D5CEBAA74A55205DEBCB56143C66F54C02F56547C18F691918FD0BEEC53FDB293D1F4EAED1
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):26848
                                                                                                                                                                                    Entropy (8bit):6.652871453473559
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:qflzhxZBcukmxQN2NMBMLh2ES+9DlJshjJy0swiEVAM+o/8E9VF0Ny29:8lvcu7x7uB2R9pih1y06EVAMxkE
                                                                                                                                                                                    MD5:39B6A146E9DAAE870A394530B5723E96
                                                                                                                                                                                    SHA1:2E62DBE3A1BD65BFA245E38021F8BAEB24EA3291
                                                                                                                                                                                    SHA-256:2A3C3830996953E592FDC67B1F4B4F3B4194F5CA28929E577297A72A58C84A84
                                                                                                                                                                                    SHA-512:5C27896FAC5B37A0856379323EDA80F52154F1335DA86A966E62E28366D613687C193B6A8E37DF9C6285B1AD8137D9F4F01A550D02E74A5C4847310FAB482354
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2160856
                                                                                                                                                                                    Entropy (8bit):6.779350356047654
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:SdpuUEAFwL9cgRCbajymTn920aBa7deTlfRXAF3bHQpobMAjY5kH:SdpucFwL9zymTn920aBa7deJfRgbHQu1
                                                                                                                                                                                    MD5:916F3D54B2714E4129A786CE128DBE0B
                                                                                                                                                                                    SHA1:B2914CADC19CD87F1FA005D9216F6AD437FE73AD
                                                                                                                                                                                    SHA-256:9B2FB069FAD6A9422808C1526328A1D6305573BE9EBCC3AEAB7A38664D02AC6D
                                                                                                                                                                                    SHA-512:8C05F71E55D6B5F1DD797DEE852183BDBD7D7EB8D36B760C5C7413BC79D5F2C8300C41AC3DEB76F2AA497D8C86434F04F3A7DD17EA65D0E44CA5FB8E59F62416
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):129760
                                                                                                                                                                                    Entropy (8bit):6.686100620416484
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:wACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazG+k:wACUTz1JlopG5K4OZgeC9
                                                                                                                                                                                    MD5:18198BAE7294424D3607F776F5EF7B0F
                                                                                                                                                                                    SHA1:5EBC82D4C91ED2736F98AED57EB8578F0F225C33
                                                                                                                                                                                    SHA-256:6078F5FDCC332F617773AAE89AC3DB0888A0360A32BB6D9431D716471D1C480F
                                                                                                                                                                                    SHA-512:507D625C0643165B12A2C0EA01765445AD632136DA0A40B14EC36B0E1794D3ECE43CE482B5E4C9281565AE3BF226C60FBA5A25C085430EC5F1D17B7563CAA4A8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1910576
                                                                                                                                                                                    Entropy (8bit):7.58137479903026
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                    MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                    SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                    SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                    SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):200416
                                                                                                                                                                                    Entropy (8bit):6.688698057656482
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:sRXOjZpSOAPrzjyfvwyYUDBftoJiEqNuozAsWFFowXV8xBY90JZx4INb54UVuH7d:OOdpSOGvWjbLtBwF8TJL4IxVuH7xlh
                                                                                                                                                                                    MD5:F2AAC54C495BD4566228E5CC2CBBFE97
                                                                                                                                                                                    SHA1:3DBFCA2AB60C17B1A0FCF3E6B8EE7AD18173FED7
                                                                                                                                                                                    SHA-256:22AE097B02F02A7C2151B113DD5756965D3857A148DF19C745D4DA2A4887B292
                                                                                                                                                                                    SHA-512:FEFFFD62B4735D7AF459A771FFB73AF8AB0BE8CD08C1BA6B009D28CF9F97AD138976F628AE28600CCA0FF10B7FFFA63B94E34EF4328623A28F8088F028597BFA
                                                                                                                                                                                    Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):38112
Entropy (8bit):6.31022202046075
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):130784
Entropy (8bit):6.313676957875236
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):25816
Entropy (8bit):6.714415723163507
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):37600
Entropy (8bit):6.707926977853279
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):26840
Entropy (8bit):6.837130188655359
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:JSON data
Category:dropped
Size (bytes):763
Entropy (8bit):4.7371029739650545
Encrypted:false
Malicious:false
Preview:{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"00bed190a2bd43538aafd55b53a03a5a","search_provider":"yahoo.com","search_provider_google_client_id":"NULL","setting_enable_bankmode":1,"setting_force_default_win10":"1","setting_heartbeat_install":1,"setting_import_cookies":"1","setting_import_settings":"2","setting_install_background":"0","setting_launch_install":"1","setting_launch_logon":"1","setting_popular_shortcuts_v2":"0","setting_shortcut_desktop":"1","setting_shortcut_startmenu":"1","setting_shortcut_taskbar":"1","update_retries":2,"utc_date":"20241223","utc_timestamp":1734976805}
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):6398680
Entropy (8bit):6.757721296323737
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):95968
Entropy (8bit):6.540971049765208
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
File Type:JSON data
Category:dropped
Size (bytes):700
Entropy (8bit):4.727166525039482
Encrypted:false
                                                                                                                                                                                    SSDEEP:12:YWLSHkawuhTpOPWJn9wuhzVuPWJe9zwuhkPWJECwuhD7PWJGwuhzPWGk+c94GniX:YWLSHk/DOJeQVuOJe9cnOJAs7OJ7oOGn
                                                                                                                                                                                    MD5:359CCE9C2DF62868BF4096E887993CB7
                                                                                                                                                                                    SHA1:F3683EE9E7ED5CFC3570D9AAF769EEF6F4FA3A95
                                                                                                                                                                                    SHA-256:FCD6CEBFE6E9D8BDDF1C4B09771D7D849F2FDC105F991337E45D6AA82F33B627
                                                                                                                                                                                    SHA-512:A5E99FA8AA18E6A7CEB7CFB0C99DC99B606567AD1DDC3BF5AB81D18502F513A9D96D264552F81508317778216B4A4360D87E96AFF302CC7F7FE1DF92C59A6737
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"Google","_isAppProvided":true,"_metaData":{}},{"id":"amazondotcom@search.mozilla.orgdefault","_name":"Amazon.com","_isAppProvided":true,"_metaData":{}},{"id":"wikipedia@search.mozilla.orgdefault","_name":"Wikipedia (en)","_isAppProvided":true,"_metaData":{}},{"id":"bing@search.mozilla.orgdefault","_name":"Bing","_isAppProvided":true,"_metaData":{}},{"id":"ddg@search.mozilla.orgdefault","_name":"DuckDuckGo","_isAppProvided":true,"_metaData":{}}],"metaData":{"useSavedOrder":false,"locale":"en-US","region":"default","channel":"release","experiment":"","distroID":"","appDefaultEngineId":"google@search.mozilla.orgdefault"}}
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):18749398
                                                                                                                                                                                    Entropy (8bit):5.540150296150122
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:196608:pP8TvkTLVTAudcoJheBnknfFrqNVMuEdpucFwL9z2a7deJfRc6cWljaF9IU+Js:zXBAudcoJ59rqNVMy2G6TS9I1J
                                                                                                                                                                                    MD5:78904B99D2C9AC6CA1B032CDEDED3816
                                                                                                                                                                                    SHA1:18E5A79B33D5A47536CFC21DE500949530B5A060
                                                                                                                                                                                    SHA-256:4043AF6E29B8C64380A471B6D4F74462421925DC3501FF26C1A629B3753B091C
                                                                                                                                                                                    SHA-512:0F35D1C96E672CEC9F8479F65616B061A07A52FC9333C4457CDE80EE67C133D871D38636EB7ED39931D6E6050A540767B74F957D0016220D213797EA92980BB6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):26267947
                                                                                                                                                                                    Entropy (8bit):7.999955401874699
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:393216:OR08TuZmD7K8vvucXjcJzvjqxZbYNZ8UGE2uE4uQRYP2OPbUFPyv9f6fSu3GokWu:G08Qm/SzL0Zspeh41R4b241u3GLd
                                                                                                                                                                                    MD5:AD1F4CD16708B771ADFB22C9E91ABC0F
                                                                                                                                                                                    SHA1:BAD019FCE73D232B01211CBB17100E63C30885EB
                                                                                                                                                                                    SHA-256:DD644014324FA2FCCC58A4906BF979C597CC15456B3CB2A489C2BA1684F3ED14
                                                                                                                                                                                    SHA-512:0342AAE733033306DA6456005B0A8F49510AE8BA080ABF4C6E8CB2B9A09D122BBF8E6857B66EF05754432C3095F0451A8816331BAD490F13D59B707A991A06C4
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....Qg.........."......0....x................@..............................y.....%=....`.................................................PG..P.......p.x..p......H2y.......y.$....F...............................@..@...........pI...............................text............0.................. ..`.rdata.......@.......4..............@..@.data........`.......F..............@....pdata.......p.......H..............@..@.retplne.............L...................rsrc...p.x.......x..N..............@..@.reloc..$.....y......0y.............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                    Entropy (8bit):4.950365884222258
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:wVXR5hV9xUM6XOFdfXRky5sR5hV9xwQD7WtdFGWKP8XnsKEx2PnjXOov:gB5D9SM6XOFdfmr5D9287mdfbsKEQPnz
                                                                                                                                                                                    MD5:98D102AA601ACB383F256FBFD28655F5
                                                                                                                                                                                    SHA1:002585D7EBA22367C9A526FAE8981AA3C7393487
                                                                                                                                                                                    SHA-256:5B274038DE1F5E9C7DAC3460FD321D98029514352A2594875B101C3122984C92
                                                                                                                                                                                    SHA-512:35A49B5AB9C9F5D74CAD724879576D75B39C8D78877FE9E2D4AF9408CF6CE7FBE3124C9F7C8817A01BC693C85F6448B9C920D5B618DA1E3E52CD7BA7E600C30B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:(N) 2024-12-23T13:00:03 - qBittorrent v4.4.2 started..(N) 2024-12-23T13:00:03 - Using config directory: C:/Users/user/AppData/Roaming/qBittorrent..
                                                                                                                                                                                    Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):372
                                                                                                                                                                                    Entropy (8bit):5.478078577161385
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/Un9fIrXzCu9MK34QL:hYXc4xXgqmeNs3Mq8M0/VHP9LIQL
                                                                                                                                                                                    MD5:40FB8F9D8A47D36B3C4BEE1F53A34CBD
                                                                                                                                                                                    SHA1:C3BB7C3512EC918FF387F6CC2F6423F9989681F2
                                                                                                                                                                                    SHA-256:CFDA394A483D1F6552D6A974D2A23730BAF0FE7AB08D6E022007E6CC9924384F
                                                                                                                                                                                    SHA-512:4C2A8A3298B4985FF34E4B98E897B106902411238D090FDFA20FC8673E285EFCDD752B9B3C64AB2CDD9A6AAC543BB65B9909B316136C0D94BFDA00136BE1E292
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7B2436EE44-C9FF-41E5-B07B-F9DE299AFB2E%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):3.710330368678027
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                    MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                    SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                    SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                    SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):3.710330368678027
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                    MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                    SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                    SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                    SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1629
                                                                                                                                                                                    Entropy (8bit):5.663592594633177
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:3EV9KJnuEyYGoYD8SFoeUlMfnMHV9aXuqguEVltWJcXhV9oRXVM:3pGyw2e52MEPgFk
                                                                                                                                                                                    MD5:3DCC6484FD4D4BA86C8FFBFD55BBB6E9
                                                                                                                                                                                    SHA1:E5B94F7A5732A8418CD981858BDEBBFCCA35EFF4
                                                                                                                                                                                    SHA-256:DCD792484C4E819C226EEEB51624D6BAEA739342794BC5B697ACA3CE91E4A603
                                                                                                                                                                                    SHA-512:E96AFC0C656FB11781439646C71F8692298603297759B0694B2372D2C70ED32923C35534911797DC0042A0B587397E749EAB20D6759E0704F70B3BEE768AF99C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:...@IXOS.@.....@.h.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{717B7059-A988-492F-AF1B-DCF70BE809AB}-.02:\SOFTWARE\Norton\Browser\Update\MsiStubRun.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......SOFTWARE\Norton\Browser\Update...@....%...MsiStubRun..#0....RegisterProduct..Registering product..[1]......Please insert the disk: ..required.cab.@.....@......C:\Windows\Installer\6f646b.msi.........@....H...C:\Windows\Installer\6f646b.msi&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..&.{95
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                    Entropy (8bit):1.1712204339930645
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:JSbX72Fj2AGiLIlHVRpIh/7777777777777777777777777vDHFiqjBER9JTrl0G:JcQI5w0OB49YF
                                                                                                                                                                                    MD5:373000B04D77692C4A272345834BE7AE
                                                                                                                                                                                    SHA1:20AD501704AFA372EF8FEB712A66B330BAB36D9C
                                                                                                                                                                                    SHA-256:946192FC047BC65054491E821CD605EFA9A7AE02480DEE4D8C3818781EAE8621
                                                                                                                                                                                    SHA-512:15887431AC9017BA21D29EA38532F737C1FB1A031E0A100CD44B0900B087691679AF6234866B35A8E023E216E57D6303F8D0C363C5ADCFC2C5CF9DDA751BCD8C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                    Entropy (8bit):1.454071756297878
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:B8PhNuRc06WX4UnT5bQda9yUS7qd6CSIN8lgk:chN1knTNn9znk
                                                                                                                                                                                    MD5:C1541FC8B1564205890C3DA8FF5D2102
                                                                                                                                                                                    SHA1:4E4A5ADB6FDC16E220CFE65ABA652D6FCF1A929C
                                                                                                                                                                                    SHA-256:960BDD44567CA83134EABA2FE34ED4D1AC3C0D382AA37C3D1C3EC522C692B985
                                                                                                                                                                                    SHA-512:CFD535D07EA51F48D9A03BEC20EEE83FB86B4040D88362A5C3F9E3540C82A214CC95935E975FD8980A63E9FA71FD9AECC5857AC916245C74D492917926EE9A62
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):432221
                                                                                                                                                                                    Entropy (8bit):5.375166494776186
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauM:zTtbmkExhMJCIpErB
                                                                                                                                                                                    MD5:CBF552B9DCB19C5B37587675EB5695BA
                                                                                                                                                                                    SHA1:ABA530A9EB85B2246A03516A090A4EF8D1AF3994
                                                                                                                                                                                    SHA-256:F9D6063139AE55F1A6AE973326069BB5E6836D92BC52A5CDECC4FDC30AE3520D
                                                                                                                                                                                    SHA-512:263360B8E59ACF91A24B340C5CF4F182C1A6C5540F5EAFF2BF8CECF3076786162A077E7E61C9CA92043173CB9F1A9380470CF58133561D0E8088F5CCB03F0F96
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):55
                                                                                                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5944648
                                                                                                                                                                                    Entropy (8bit):6.511430665598052
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                    MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                    SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                    SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                    SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):579
                                                                                                                                                                                    Entropy (8bit):5.420426163811309
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfzZMVxYnuiqdQulUUyrZaLk:rVAJI+dspq4NUksYr1uALqVxYnuVmUyT
                                                                                                                                                                                    MD5:173270F3089BF6034FC92088D6DCF89C
                                                                                                                                                                                    SHA1:AC76FCB0656F834B3885B904D7D56E03C540D19B
                                                                                                                                                                                    SHA-256:26CB6BEF15DFD9BE0ADA61AF5F78F3C9AF378E0DFCBA7AC82A9687268F59C2DD
                                                                                                                                                                                    SHA-512:A0D1A171DB7F230F68C9AE9FB4FFACD65C5FCACBFDE717497D06AAF8722CD19ACD395A34DE6B106766EE8AB259E9E38926E98CBC4B6AABE5A96944535D729FAF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[Signature]..Signature=ASWSig2A588B6BC0DE03C9E59882D00BDADE9E83F2814DB13B70BA18D1DDEB88B7E6B157468EC649853ABD1CB908465E40D29BA47D917D25A4AFDB2DA4ED2513FCFD5ABFASWSig2A
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3531080
                                                                                                                                                                                    Entropy (8bit):6.522879430230983
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                    MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                    SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                    SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                    SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8425288
                                                                                                                                                                                    Entropy (8bit):6.449288731687494
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                    MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                    SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                    SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                    SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):891720
                                                                                                                                                                                    Entropy (8bit):6.585338360673374
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:Doke10t8BAFF101+6zAdrZ6WhyBsrTDu+iGVTCCz/Yph0lhSMXlit+oc3q8+a/7:0TZU1A+6zCHC0bzmh0lhSMXldx3N/7
                                                                                                                                                                                    MD5:A3E668864285E04A02573E622C124942
                                                                                                                                                                                    SHA1:81498BDE4114F03F9AA5F6CA6097F9616689341C
                                                                                                                                                                                    SHA-256:689C118B8824D399F4A54875C30CD47AFAE467D96E571CF0DA47B775DA21231A
                                                                                                                                                                                    SHA-512:2DC8124D1F360B4B5708AA72203EBC6786E6A9CC34C8006895ECBB43E457ABEC5CF5967CD62D9D50E6406BFAB44DE699E968DF5178D82FDE98B75B399EB3AFC0
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 891720
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):330898
                                                                                                                                                                                    Entropy (8bit):7.999463671306361
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:6144:2Q4TuG9pskki5VyWURdHTW0NLFcUQMsnH41fWafmyYAywiWPt8VAi7h:2FXsiQRdz3NLPQMLsY6wi/VB7h
                                                                                                                                                                                    MD5:A93333D33435FC21F66C0EA7D0922EFF
                                                                                                                                                                                    SHA1:D3EC2C8028194993EF842A43ADDE39F56384AD93
                                                                                                                                                                                    SHA-256:AEE57B1F33AB198785BF833B178A13279A33FF13F49E6F9B7FC1A87E979ABEB7
                                                                                                                                                                                    SHA-512:1813E2B7FA9C11DD0F7474F891BD72A50E3703D9D313B71C779D68D39E227C6E7A2CC34D98629540956729A7D196D6ADC0C7D496A9BA4E7D954CB93B2D6E40D9
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):53048
                                                                                                                                                                                    Entropy (8bit):6.729924975001718
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                    MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                    SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                    SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                    SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):27149
                                                                                                                                                                                    Entropy (8bit):7.993255690221499
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                                    MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                                    SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                                    SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                                    SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):61140
                                                                                                                                                                                    Entropy (8bit):5.19004057146788
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:vOt4htupPgPSOKOlIZciIgIX3I5SnW8UNWDmhtEnx4y+/iQwBynnsSaJeOHnB4lS:ql9EzKWfzZ
                                                                                                                                                                                    MD5:30920CBD1AAB979B19159A35BEC72D48
                                                                                                                                                                                    SHA1:C1A37D9B62C5FF5F1AF23C2DF6F7789B1A19A409
                                                                                                                                                                                    SHA-256:8548F8B52F9186C78838C82331633B23D35C7FA429AE03C2BBE0DAD48259F7C3
                                                                                                                                                                                    SHA-512:9424AEF76AF0085158165F9DA12CAD3E1EFFD96A6DD237E6BC8FDF8A07B8A015000C888958FBA8751078F50B605042F1E4596843C4E170672F5A0CABAFF5ECF7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" ?>.<product name="avg-av-vps">..<product-defs>...<config>....<install-folder name="AvVps"/>....<full-name name="AVG Antivirus Vps"/>...</config>..</product-defs>..<group-defs>...<group name="base" mandatory-selected="true">....<action-list op="install">.....<delete-pending-files/>.....<commit-extracted-files>......<important>true</important>.....</commit-extracted-files>.....<expand-vps-version order-base="commit-extracted-files" order="+1">......<important>true</important>.....</expand-vps-version>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg-av]%" exists="true"/>......</post-condition>......<src>%PRODUCT_INST%\*</src>......<dest>%PRODUCT_INST[avg-av]%\defs\%VPS_VERSION%</dest>......<ignore-same-files>true</ignore-same-files>......<move-type>Immediately</move-type>.....</copy-path>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 61140
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13435
                                                                                                                                                                                    Entropy (8bit):7.984851071270686
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZRC1RPLsrlFm7jNFxtvYncH+MWfEaGiU2LYrylaXr5FsLELNNIODNUKmRJBbfh3u:3CXwr2ncM9aGi3YrTtP2OOKWJBbfthyR
                                                                                                                                                                                    MD5:DBECFCFEA3D6A28C490B6AB667DF8549
                                                                                                                                                                                    SHA1:B0B36213FBF4075F58BBE6BE22710CB3C3D2E7EA
                                                                                                                                                                                    SHA-256:972978CC871325B27BF149EA04FBD071F3CCD5BA017B4A27D0C883033DC5374E
                                                                                                                                                                                    SHA-512:5E23AD6DD488726C7CB862A5D048C63493CDBD35E8E263AFEFCC7D07E28114DB8BE4F09E83CF7066025B1D49BEB10868991115E888242C5DAB73285E5CC92AEE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5931
                                                                                                                                                                                    Entropy (8bit):5.1005989521720645
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:aVhDIkbjalzi/lgA4l3xlemZlKUz3rr62NM/7sXnqlbnlm2gVl6eUlgV1Ba+sSmM:acOjalzi/lgplhlemZlKUzbrxNM/YXnp
                                                                                                                                                                                    MD5:D4E1463D2E10EA78432BED03FC4BBC58
                                                                                                                                                                                    SHA1:C446153B97ED7985E00FCAFC5507DD7F265A57F6
                                                                                                                                                                                    SHA-256:3261F4AEEAADC8EE209DEB9F84E9CEA88CC126B27ECB88E5C70FBB1D197CC85C
                                                                                                                                                                                    SHA-512:96B8D69EDD0AC521F7050A6264BAA6C4EB920646F4D40963B636C5925BF30942AD2E0FEDEAB8D06CACA5819A6E34A262B6CDB834C38FC06564475F55624B26E4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av-vps</name>..<version>24.12.2304.8777</version>..<build-time>1734970124</build-time>..<inner-version>24122304</inner-version>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734970047</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734970048</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<o
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2463560
                                                                                                                                                                                    Entropy (8bit):6.7877829379438115
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:Yms+K+wDPbHIC9gAvAfAAEV1rnFTZT0krlGW+q:Yh+FUjHICaAo7ELxTZT0krgq
                                                                                                                                                                                    MD5:6FA67E53082AADD57DC5FF9663B427E7
                                                                                                                                                                                    SHA1:0D4C9335BB7A04EF61CECDCA24612135D116C0C7
                                                                                                                                                                                    SHA-256:0927BFA8AA5A89A5B58DD7E3D70B795C4005BD9F6B550659CD6F8B0D2A751E7F
                                                                                                                                                                                    SHA-512:66E4D4D26FA47EF1A84BF3EE6BCFB0B59C4CEF62A3242573694182C79DA980DE412BC3E46AAB7B1B526C307563E485A85069DAE380992A34751B95C51FFD4060
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 2463560
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):931125
                                                                                                                                                                                    Entropy (8bit):7.999802194058071
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:24576:ENPdHsNVNYqE54xEA95k9Rx5EJf7JDK2W5RuIaMH1:EDmYqE54SAzk9RPEt7Jw5vDH1
                                                                                                                                                                                    MD5:1D5C7B36DBE8113B8B832B3A2D9E4669
                                                                                                                                                                                    SHA1:EC950585DAD815A430C30F7B9F127F1DE3DC0666
                                                                                                                                                                                    SHA-256:9E6192794963B565E5B0744307F77C5BD0ED912C695653A46982E4DD366BCCAB
                                                                                                                                                                                    SHA-512:CDE64F9864A9FBCEFFA60BB8FAE3B05441ABDCAD28C89AAAE6232DADA802F90C5C422A4A2B040478D44B152B864AD67D0DAB4FC34C465D881820BEB0C7BA81D6
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5944648
                                                                                                                                                                                    Entropy (8bit):6.511430665598052
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                    MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                    SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                    SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                    SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):760
                                                                                                                                                                                    Entropy (8bit):5.392444363663049
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfOOXy9G9QV6UaAAOheMjisU2T5:rVAJI+dspq4NUksYr1uAWOC933jI5rk
                                                                                                                                                                                    MD5:77F4B8E808586AC5EFD0F74F07C41713
                                                                                                                                                                                    SHA1:3ABFBE5681BBD4A687C193A120BB3DEA10B16A80
                                                                                                                                                                                    SHA-256:C6B0BDA024F7CFBB32151632D7A06A7411CE19275D847266E1853B05A5AD6A20
                                                                                                                                                                                    SHA-512:FCD8D79F1F895191111AF891296F306FD76B6E1810546E911165A14CEDB3F0F65A75F6304F5B71CF8E1BCB9BF626EC8FD62C61D1D261FE3B9C2B6B6EF8E8CB2F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=0.0..stable_prefix=default..updatable=1..[offer.browser.asb]..decision_type=1..download_url=https://cdn-av-download.avgbrowser.com/avg_secure_browser_setup.exe..enable=1..priority=1..ui.offer=welcome..[Signature]..Signature=ASWSig2A68832743267EF1C24CD05C7E865EF0E8E83F109FD997312CB62ECC07F3D306231B7596ED813A6E4C6527036271FF50FEEA673EE7546099D224CDC9B99A3B11E9ASWSig2A
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):21873
                                                                                                                                                                                    Entropy (8bit):5.690464339074782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                                    MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                                    SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                                    SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                                    SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3531080
                                                                                                                                                                                    Entropy (8bit):6.522879430230983
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                    MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                    SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                    SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                    SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:Jn:J
                                                                                                                                                                                    MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                    SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                    SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                    SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:15
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8425288
                                                                                                                                                                                    Entropy (8bit):6.449288731687494
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                    MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                    SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                    SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                    SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):7074632
                                                                                                                                                                                    Entropy (8bit):6.486902090088866
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:+zdxWpixBidNhPpfUwr593W+QZMSF78Oaxz4yG6JyZf:+zdxWpixBiDht93W+QZMSF78OYz4pZf
                                                                                                                                                                                    MD5:D86C3547360DB15C094E32FAAB54AE3A
                                                                                                                                                                                    SHA1:E197C16BE3F3AB8B2C9C5C4621984F2F9B28BA0C
                                                                                                                                                                                    SHA-256:9BBDC59F38BFA64EF3305AC3B0B8B2D89522DCD4F59363A5324A4089730157E8
                                                                                                                                                                                    SHA-512:03FD7FE09F13C052A289847CA4F9F2EF78AEAF03E431DABA617E7E4CBC5FA6813F96D19CA007196A961B3C5C822BF63C6D398C3B72A192F412345726F156071B
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 7074632
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2087067
                                                                                                                                                                                    Entropy (8bit):7.99990334673335
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:49152:/yf+BFH+dEXmVEL20MtW17aRT761Cv1zyOnIzzAkIqbu:/2+3HyEXmT0MteiW1CtWzUfiu
                                                                                                                                                                                    MD5:F22487BDE9ED1A7EDB44AC7BE68AC791
                                                                                                                                                                                    SHA1:FC8CD1F1769425149D36A93F3761F1454C9D2BE1
                                                                                                                                                                                    SHA-256:EB59F36A27FF71FD3BC7E59AFDB09A07C08616280927A408F01DBAF0F4AE5974
                                                                                                                                                                                    SHA-512:C8B4E9721C0E370A367E4AC236A9BC6FEF17289ADE0D731D1544B2E47CA32860C7362C8715FEC8723960563CB7F023B8ECF2064A26804EAA923E99EAAD0CC6E9
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):53048
                                                                                                                                                                                    Entropy (8bit):6.729924975001718
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                    MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                    SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                    SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                    SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):27149
                                                                                                                                                                                    Entropy (8bit):7.993255690221499
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                                    MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                                    SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                                    SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                                    SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):12384584
                                                                                                                                                                                    Entropy (8bit):6.57357572805349
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                                    MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                                    SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                                    SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                                    SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1328262
                                                                                                                                                                                    Entropy (8bit):5.392938987790726
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                                    MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                                    SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                                    SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                                    SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):9546
                                                                                                                                                                                    Entropy (8bit):5.274796830995219
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                                    MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                                    SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                                    SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                                    SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam
                                                                                                                                                                                    Process:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):388896
                                                                                                                                                                                    Entropy (8bit):7.999454561919189
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                                    MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                                    SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                                    SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                                    SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 8425288
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2532654
                                                                                                                                                                                    Entropy (8bit):7.99992603160213
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:49152:/WjjaTN6PDXOHqdjB0i8qpmWqeiYdYvSWatmEzB1h796GBXjc:esyaHWjei8qiYO2IEt7kGdc
                                                                                                                                                                                    MD5:4F97115E493AFF57C86AE0343D4706EC
                                                                                                                                                                                    SHA1:15CE45B25B64B3958BE2C9ADCCA5A91D25A554C7
                                                                                                                                                                                    SHA-256:A184C4878F3D33C3B9ACF78931A846C5D45430E245639008803AF803DB02AF6A
                                                                                                                                                                                    SHA-512:F5C87720A5341EE9C53E8E6E894A4AFFE8244B663367107CCBFA0E9B48356BD12C775E0D11F06C1A2000FDC8A7523B95295760360CACD21E528E1C18C70D9BDD
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 1328262
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):143779
                                                                                                                                                                                    Entropy (8bit):7.998660051027999
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:3072:woHPYBqeVZAlvBiyK2Cu1ii3ZwA/MifImzB1A4iQrkM:5MqebWBeu1fZwApTztiY
                                                                                                                                                                                    MD5:4A31CDEC2EA9DEE0568BEF89D914FA14
                                                                                                                                                                                    SHA1:8E4983BBCB0A8D48186BE29E4758849ABF23D661
                                                                                                                                                                                    SHA-256:FC8868B60CA6E192DDF9A06CDE31D1D7FF9A19425F8F424CAA627D376C876B06
                                                                                                                                                                                    SHA-512:B31A387E051E85DDD7A68B2D72FB59844D220549C000DBBE9DA0AA03978C062501D5BDD95FFFECCBB3D7FD5CC3E24C121652DAA638B8789F76DE1A24EB60174D
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 3531080
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1024725
                                                                                                                                                                                    Entropy (8bit):7.999821315855513
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:24576:64ZDqa6E/JvqxKImmDBN+HAZLfT7O2iZvHF04PwUjsptlB:645N/QTN+X3ZK4Pw1Hb
                                                                                                                                                                                    MD5:B30B0361A61E22319E031BE300E0A058
                                                                                                                                                                                    SHA1:825B4E782C05019352F9C54AFF6855503D4732CD
                                                                                                                                                                                    SHA-256:B585CF3A5B8F95A32268E7CCA1CD7F5A743A1EC6A715D6151CA5DC3693F002A2
                                                                                                                                                                                    SHA-512:C70EBFDBE505422CE5AD4D47971C80A9E8CC908D22B2BC7F15A55CDD5CD276E2DBA8FACE0C710DF31CB6B406BE13692FF24F8201A967723B3326A94667DA6FD0
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 12384584
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4013693
                                                                                                                                                                                    Entropy (8bit):7.999951248371016
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:98304:8C7VaUF0yi3wH4mmiTOA1RKldIwQSv9bM3QC:H7VaI0Z3o4QqDzoz
                                                                                                                                                                                    MD5:1751FFBAA0682BA752E1EBEA6B6259E3
                                                                                                                                                                                    SHA1:01A52320D884B13A6A92DD476A8837C25F551EFB
                                                                                                                                                                                    SHA-256:E91471DCAA978E828AF58403F63859F6459837C2E7E6BFB24BB6846643E743E9
                                                                                                                                                                                    SHA-512:504302B962AA99FF55B0326D2F29787EED6BD2C586CDCB733F03F2E67EEAAEA0CB56847E3779B8027F4CADA9C945D4E48E5DC8DDEEEE2FBE029D9E0F8CEC1592
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 15688
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):9881
                                                                                                                                                                                    Entropy (8bit):7.982144056447914
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:va5QFe5kFCIgy2UX/GWISJ+ut3gXwU4Vp6RUxWKr9w5mqKokS6mNL6fb:vay6kFxaUXOBINQAbgRUx79w5xKok/uY
                                                                                                                                                                                    MD5:AE04DC0902D3306BE8A16E9C824EC526
                                                                                                                                                                                    SHA1:29977902A92BFD75234E8ACA64BC57A627FBC782
                                                                                                                                                                                    SHA-256:D5ACF32560137A3AFEE4E10CBE3A5630D75A8DF139922824FF78F9FA713B6D93
                                                                                                                                                                                    SHA-512:8D448254F8F9A9161782100FAE1D1F062C9BFE04555D4B30AC5457DB02A5D8A7C513BBBE013ADB1D9F386CD0F58A3607CEF864DE9A68FDDC22348453BF634B13
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 388896
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):394365
                                                                                                                                                                                    Entropy (8bit):7.999498861385828
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:12288:MiHsN+DsMAGeruomEfcoPUYeI7NgJGR54rB:MrNcsMAGerDThdewBRKrB
                                                                                                                                                                                    MD5:4B1DD5C2123216AF96B86F6E43BBF980
                                                                                                                                                                                    SHA1:ABD916E383301C5EF4EA48898E349096CA4846B8
                                                                                                                                                                                    SHA-256:0D1E33CAC8D5A14FF8E9B55A58EAE20B6E795E5A3B96DB0B829E8801D6E7C7B2
                                                                                                                                                                                    SHA-512:75DA0D36297D96C6D7BD34F40D9597D729674C96346715B2078CF425AF19F44D02E82845BC2D36A5A1F3B438522AC884C125A453F9062DEDAFB665ABEAB65E2F
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:LZMA compressed data, non-streamed, size 5944648
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1827555
                                                                                                                                                                                    Entropy (8bit):7.999904141247566
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:49152:ODI7vzOJ4LkpEKNUBibEk9BxxQAUrV2Dvxr:ODIT/KEqzVpDvxr
                                                                                                                                                                                    MD5:84952697EEF607B32BC64CFBFFADC30E
                                                                                                                                                                                    SHA1:285F44353ADBF679AE88C63C9191976E05FA4320
                                                                                                                                                                                    SHA-256:B2821850BA09E884C2B058094EDF84EE7D72C2988CD575AA2D986CBEFA6579F9
                                                                                                                                                                                    SHA-512:57BD96CAB4844346B0E05ED3AC4CEE291C814D41AA4A1B86B05CFAC3CAA5501476871E49425363C633BCABDBF635A3072304FF9B9BEAC73EA3628BDEEFC9FBF9
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5944648
                                                                                                                                                                                    Entropy (8bit):6.511430665598052
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                    MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                    SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                    SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                    SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3531080
                                                                                                                                                                                    Entropy (8bit):6.522879430230983
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                    MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                    SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                    SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                    SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8425288
                                                                                                                                                                                    Entropy (8bit):6.449288731687494
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                    MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                    SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                    SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                    SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):15688
                                                                                                                                                                                    Entropy (8bit):6.958791234525559
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:wORgChIIIYiifE/Pw1/wfT3ir2WSx7bL4cv:ruRYiisPv3iPmbLH
                                                                                                                                                                                    MD5:F91371D99394307A7AF600577ED787F3
                                                                                                                                                                                    SHA1:D7488B8E6E302CDDA9B49EC7CB927D02A38254C2
                                                                                                                                                                                    SHA-256:48C1D01F6234E7C129B31A0C2388DE0F102F718721FEDF18EDBE19971D4222F5
                                                                                                                                                                                    SHA-512:F43CE12312A6A2BBEBA57A917DAF28CEE2C36DFE5C9529BB6C89B3390ED3902995F69ED3EBFA8903FD96A093D8DA8251204739A50576DFCE695010833C92C48D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):12384584
                                                                                                                                                                                    Entropy (8bit):6.57357572805349
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                                    MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                                    SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                                    SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                                    SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1328262
                                                                                                                                                                                    Entropy (8bit):5.392938987790726
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                                    MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                                    SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                                    SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                                    SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):9546
                                                                                                                                                                                    Entropy (8bit):5.274796830995219
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                                    MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                                    SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                                    SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                                    SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):388896
                                                                                                                                                                                    Entropy (8bit):7.999454561919189
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                                    MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                                    SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                                    SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                                    SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):21
                                                                                                                                                                                    Entropy (8bit):3.422577995321604
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                    MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                    SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                    SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                    SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:mmm_irs_ppi_902_451_o
                                                                                                                                                                                    Process:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2044
                                                                                                                                                                                    Entropy (8bit):5.411181603543847
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cEYpodGUS42A+ZQW8U9vYX/AaTbVRKp2lEkxM:0irWA+Z78U9AX/AkbVS2FxM
                                                                                                                                                                                    MD5:4E2BCFA1D044E7C28FE74C12F731458C
                                                                                                                                                                                    SHA1:4317EA637B8894EFA65FCF91DBA3003A064CE1D6
                                                                                                                                                                                    SHA-256:5B7810CEC066679AE754DEB57F9CA7DE37C4CF2DF479355C496E8FE71B9D2500
                                                                                                                                                                                    SHA-512:8C6E635354DF6556255A10131857277B08A3CC333881E557395B61A21D98D54C01A643C317D3969B8C33DAD1A6131C23E59D22EC4C242DE174A302CA6E4B75CA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>.<icarus-info xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">..<file-mapping-sfx>...<handle>284</handle>...<size>1691384</size>..</file-mapping-sfx>..<file-list>...<file>....<alias>sfx-info.xml</alias>....<sha-256>e3ec3a7d2fad564b9481017e1adbe5057a2a0cf8a48f339433e56443adcfb14f</sha-256>....<offset>1670726</offset>....<size>803</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/edition.edat</alias>....<sha-256>e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb</sha-256>....<offset>1671606</offset>....<size>2</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/config.def.edat</alias>....<sha-256>267481c5c3ff66ec6dda02134b1216d85c12470555581f92b423a29c91db547a</sha-256>....<offset>1671688</offset>....<size>8555</size>....<timestamp>1734522278</timestamp>....<flags>1</flags>...</file>..</file-list>..<sfx-dir>C:\Windows\Temp\asw.637ee06e
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1691384
                                                                                                                                                                                    Entropy (8bit):6.7745330741667
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:dfoyR/GATYvXlTwDljYotFh8OQgxqIFlrhUcPlCbh0lhSMXli8zlo4e4zWKM7:dfJpGATYvXAxFPKIF3TPlCqZ5e4aK
                                                                                                                                                                                    MD5:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                                    SHA1:D3975382239D916AED32AFE37A32623781450759
                                                                                                                                                                                    SHA-256:A599608AA42D0E334E6001CC9B90C0A0672F506B9459246F4A7B53D4AC5D2410
                                                                                                                                                                                    SHA-512:96653F518EB6B8AFFBCA0A1DBA61A8D1E5BD49FAD12AE11D605550B35A50814FC81BEF9A383C0659723D8421C71DF90B64E6CB238A60659A2DF85CA5DB28119D
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):21
                                                                                                                                                                                    Entropy (8bit):3.422577995321604
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                    MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                    SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                    SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                    SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:mmm_irs_ppi_902_451_o
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):1.1722645362689244
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:+W1unZM+xFX4rT56Qda9yUS7qd6CSIN8lgk:x1goTUn9znk
                                                                                                                                                                                    MD5:105D4EC4FDE20BAE6272DE82603A8DCE
                                                                                                                                                                                    SHA1:31AB283CD3F9248ADBC6426858CA4D3BDC036586
                                                                                                                                                                                    SHA-256:CA857EAF789E20FD3884111EA18EA320A308D3FBB55D3127719C68E3C9804388
                                                                                                                                                                                    SHA-512:4551249BCE9182292CC050B5637ED790F46458CF96D20EDD273E471C7D7198641DD1CC9F86302D31EE7AA34466DF0B32825FF6416332903FAFE9951A5DB19255
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                    Entropy (8bit):1.454071756297878
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:B8PhNuRc06WX4UnT5bQda9yUS7qd6CSIN8lgk:chN1knTNn9znk
                                                                                                                                                                                    MD5:C1541FC8B1564205890C3DA8FF5D2102
                                                                                                                                                                                    SHA1:4E4A5ADB6FDC16E220CFE65ABA652D6FCF1A929C
                                                                                                                                                                                    SHA-256:960BDD44567CA83134EABA2FE34ED4D1AC3C0D382AA37C3D1C3EC522C692B985
                                                                                                                                                                                    SHA-512:CFD535D07EA51F48D9A03BEC20EEE83FB86B4040D88362A5C3F9E3540C82A214CC95935E975FD8980A63E9FA71FD9AECC5857AC916245C74D492917926EE9A62
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):0.07728575714935673
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOpIWzraCtjBER9J1iVky6l51:2F0i8n0itFzDHFiqjBER9JTr
                                                                                                                                                                                    MD5:87FC8CE0A19F2A7AE5AB2EDCB62F907D
                                                                                                                                                                                    SHA1:B370BCD4C62ADFEB1F140C1524ECEA12B310707C
                                                                                                                                                                                    SHA-256:AB970EEF0513B00293AAD24A43E25E9101B5220FB59291752E63E2841A35E9EA
                                                                                                                                                                                    SHA-512:CEA19F21C4393A92BED63D2E3ADDF97C7C0932F4844935F1F0DA5F337D8EC206138C0D01D0002ADDEB4282981C58221640163AF724FF9231B3E9F1B48B23E3EE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):69632
                                                                                                                                                                                    Entropy (8bit):0.09969272519095698
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:NkQpN8l5ipVvipVJVgd85apGZZklKyc+WLd85m0h:Nk0N8l5S9S7qd60RcrdQ
                                                                                                                                                                                    MD5:00CEFB0E8869600DC380513BCBD21F69
                                                                                                                                                                                    SHA1:C279355AED1991ACD5C84AE67A2508457EF1D4F8
                                                                                                                                                                                    SHA-256:7D22C4C3A3D83C8748B3FF964724EFB144C6E571D0C0FF1EB4BC70FB2F6AB473
                                                                                                                                                                                    SHA-512:89BD5AFA2D26B422F6EC08E567CA471F165B7F50F8815EA8B42A1127CA7EBF3441087C7751ACE8F590D5B194C700C4D068645306FB76B02B4C6A70B05B78572E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):1.1722645362689244
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:+W1unZM+xFX4rT56Qda9yUS7qd6CSIN8lgk:x1goTUn9znk
                                                                                                                                                                                    MD5:105D4EC4FDE20BAE6272DE82603A8DCE
                                                                                                                                                                                    SHA1:31AB283CD3F9248ADBC6426858CA4D3BDC036586
                                                                                                                                                                                    SHA-256:CA857EAF789E20FD3884111EA18EA320A308D3FBB55D3127719C68E3C9804388
                                                                                                                                                                                    SHA-512:4551249BCE9182292CC050B5637ED790F46458CF96D20EDD273E471C7D7198641DD1CC9F86302D31EE7AA34466DF0B32825FF6416332903FAFE9951A5DB19255
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1835008
                                                                                                                                                                                    Entropy (8bit):4.463146962766915
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:8IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:BXD94+WlLZMM6YFHg+n
                                                                                                                                                                                    MD5:8BB82AE29930F9F62557EC47A5F57538
                                                                                                                                                                                    SHA1:BDB4707092220EC9DC7EC10530B6DA2989D875EE
                                                                                                                                                                                    SHA-256:22DE5903FED5CF288D520679D100DB13AC591B05F6E0BDDFF31F5ABD433AE335
                                                                                                                                                                                    SHA-512:FF8D068D227BB4BF687D1C1F5C60FE4D4E90B52A3BD02E95438441CF3BD1AA14443E8A1CD2C0A3D84AE1FEA92D7DD5C1FAD0BE071457FBE2F8DA739C26506533
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....dU.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                                    Entropy (8bit):4.906627163124873
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:SKpJOLz3WF+RUepJVcFLzBVZEIIt+kiE2J5xAIzI3noLRIhsHeL4AcXOFuun:wL73CepJK3jZhIwkn23fzIXolIqHeLNX
                                                                                                                                                                                    MD5:08C3ABC1191365BF1DDD2F66419041D0
                                                                                                                                                                                    SHA1:5B81BC8EC959FA015E9CC4BFB68246801C7D8402
                                                                                                                                                                                    SHA-256:ED976831D1DEDDE435D6125024E5439001F3F620F8B0DD263014F1A20AB5A4EC
                                                                                                                                                                                    SHA-512:79CAD535CF85BE3158048D98DCDE3BAA7899CBC88E0EFDCECF4090D8AC1C9C11C450C9B9FFF4177BC4B2049B4C1FD184261338C72D45771ADE574C4F170FC4C4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:The following command was not found: firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe qBittorrent ENABLE...
                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Entropy (8bit):7.984915995325627
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                    • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                    • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                    File name:Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                    File size:14'472'936 bytes
                                                                                                                                                                                    MD5:6e4c8f2488186375ecc5701ae74a2a19
                                                                                                                                                                                    SHA1:f4765471feb517088c50a085f75264bd43b17b07
                                                                                                                                                                                    SHA256:d45e8203cd5398582a2a13d7f1f4caf7bab60fa6db19db24a2ae99efb0b2fbbc
                                                                                                                                                                                    SHA512:4ccd80ba67e037947736f3fbb774efa4a293c53fdba8c23c6f1ec0b3fba2deed1950a638e8f53cc80fa09505f84a4c6fadf899750e1c3640fe53348d96733501
                                                                                                                                                                                    SSDEEP:393216:wBBTeN30LpEiSCC9XSpIFwah3RuINhkUWgyL:AtwkLps9Xhrhhuahkdh
                                                                                                                                                                                    TLSH:3DE6333FB2A8A23FD56E0B3149B39250593B77A5795A8C1E07F0480DDF6A0611F3BB25
                                                                                                                                                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                    Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                    Entrypoint:0x4b5eec
                                                                                                                                                                                    Entrypoint Section:.itext
                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                    Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                                                                                    Signature Valid:true
                                                                                                                                                                                    Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                                                                    Error Number:0
Not Before:24/03/2024 20:00:00
Not After:25/03/2025 19:59:59
                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                    • CN=MECHA MANGA - FZCO, O=MECHA MANGA - FZCO, S=Dubai, C=AE
                                                                                                                                                                                    Version:3
                                                                                                                                                                                    Thumbprint MD5:1A2E39E8F90F5FF6D22AD9098F5518F1
                                                                                                                                                                                    Thumbprint SHA-1:1F3CCE31883C9EF47711A1EE96294E479CE69CFB
                                                                                                                                                                                    Thumbprint SHA-256:42B420F3B7BB52249C84BFDABF29C9D4B5978803163B451821B2501ACB042115
                                                                                                                                                                                    Serial:3B1955CFEAA2C9C392292E00287D4A6C
                                                                                                                                                                                    Instruction
                                                                                                                                                                                    push ebp
                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                    add esp, FFFFFFA4h
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    push esi
                                                                                                                                                                                    push edi
                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                    mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                    mov dword ptr [ebp-40h], eax
                                                                                                                                                                                    mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                    mov dword ptr [ebp-30h], eax
                                                                                                                                                                                    mov dword ptr [ebp-38h], eax
                                                                                                                                                                                    mov dword ptr [ebp-34h], eax
                                                                                                                                                                                    mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                    mov dword ptr [ebp-28h], eax
                                                                                                                                                                                    mov dword ptr [ebp-14h], eax
                                                                                                                                                                                    mov eax, 004B10F0h
                                                                                                                                                                                    call 00007FA8A0635165h
                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                    push ebp
                                                                                                                                                                                    push 004B65E2h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x47a0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xdcab38 | 0x2bb0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb361c | 0xb3800 | ad6e46e3a3acdb533eb6a077f6d065af | False | 0.3448639341051532 | data | 6.356058204328091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1688 | 0x1800 | d40fc822339d01f2abcc5493ac101c94 | False | 0.544921875 | data | 5.972750055221053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | 4c195d5591f6d61265df08a3733de3a2 | False | 0.36097935267857145 | data | 5.044400562007734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xc2000 | 0xf36 | 0x1000 | a73d686f1e8b9bb06ec767721135e397 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xc3000 | 0x1a4 | 0x200 | 41b8ce23dd243d14beebc71771885c89 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xc4000 | 0x9a | 0x200 | 37c1a5c63717831863e018c0f51dabb7 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x47a0 | 0x4800 | f650003280cd8edcb0c3855622bffe3b | False | 0.3184136284722222 | data | 4.521124879067257 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc74f8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548
RT_ICON | 0xc77e0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5912162162162162
RT_ICON | 0xc7908 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516
RT_ICON | 0xc81b0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179
RT_ICON | 0xc8718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5912162162162162
RT_STRING | 0xc8840 | 0x360 | data | | | 0.34375
RT_STRING | 0xc8ba0 | 0x260 | data | | | 0.3256578947368421
RT_STRING | 0xc8e00 | 0x45c | data | | | 0.4068100358422939
RT_STRING | 0xc925c | 0x40c | data | | | 0.3754826254826255
RT_STRING | 0xc9668 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xc993c | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xc99f4 | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xc9a90 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xc9e04 | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xca19c | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xca504 | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xca7a8 | 0x10 | data | | | 1.5
RT_RCDATA | 0xca7b8 | 0x2c4 | data | | | 0.6384180790960452
RT_RCDATA | 0xcaa7c | 0x2c | data | | | 1.25
RT_GROUP_ICON | 0xcaaa8 | 0x4c | data | English | United States | 0.75
RT_VERSION | 0xcaaf4 | 0x584 | data | English | United States | 0.28257790368271957
RT_MANIFEST | 0xcb078 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4005464480874317
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x454060
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T18:59:04.285655+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:07.769393+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:10.111339+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:11.988814+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:14.819911+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:17.450991+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:34.454988+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:38.012753+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:40.852082+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:53.997675+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:54.622334+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49749 | 52.35.239.119 | 443 | TCP
2024-12-23T18:59:57.044233+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49752 | 65.9.108.213 | 443 | TCP
2024-12-23T18:59:57.159597+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49751 | 52.35.239.119 | 443 | TCP
2024-12-23T19:00:00.289792+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49763 | 65.9.108.213 | 443 | TCP
2024-12-23T19:00:03.365695+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49776 | 34.117.223.223 | 443 | TCP
2024-12-23T19:00:04.633143+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49777 | 52.35.239.119 | 443 | TCP
2024-12-23T19:00:05.211757+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49779 | 34.117.223.223 | 443 | TCP
2024-12-23T19:00:06.573201+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49786 | 18.161.108.224 | 443 | TCP
2024-12-23T19:00:17.848265+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49823 | 104.20.87.8 | 443 | TCP
2024-12-23T19:00:21.291318+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49832 | 52.35.239.119 | 443 | TCP
2024-12-23T19:00:39.344360+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49885 | 34.117.223.223 | 443 | TCP
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631339073 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631356001 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631360054 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631397963 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631464005 CET49733443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631489038 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:05.631517887 CET49733443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:05.633539915 CET49733443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:05.640079021 CET49733443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:05.640096903 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:05.640109062 CET49733443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:05.640115976 CET4434973365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:06.093333006 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:06.093436956 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:06.093559027 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:06.093898058 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:06.093950033 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:07.769315004 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:07.769392967 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:07.771294117 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:07.771321058 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:07.771538019 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:07.773302078 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:07.773365021 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:07.773370028 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:08.744132042 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:08.744287968 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:08.744359970 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:08.746028900 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:08.746076107 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:08.746107101 CET49734443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:08.746123075 CET4434973465.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:08.840358973 CET49735443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:08.840404034 CET4434973565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:08.840487957 CET49735443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:08.841038942 CET49735443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:08.841056108 CET4434973565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:10.111339092 CET49735443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:10.324079990 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:10.324153900 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:10.324270964 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:10.324640989 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:10.324672937 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:11.988711119 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:11.988814116 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:11.990020037 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:11.990048885 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:11.990307093 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:11.991421938 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:11.991462946 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:11.991475105 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:12.992791891 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:12.992904902 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:12.992986917 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:12.993632078 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:12.993675947 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:12.993705988 CET49736443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:12.993736982 CET4434973665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:13.147219896 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:13.147253036 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:13.147332907 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:13.147664070 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:13.147680044 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:14.819855928 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:14.819911003 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:14.821438074 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:14.821449041 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:14.821652889 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:14.823177099 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:14.863368034 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.391947985 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.442116022 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.442131042 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.442179918 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.442195892 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.442250013 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.624031067 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.624047041 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.624078035 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.624121904 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.624130011 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.624167919 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.670180082 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.670195103 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.670253992 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.670263052 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.670274973 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.670353889 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.706312895 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.706392050 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708566904 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708611012 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708638906 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708697081 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708714962 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708736897 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708748102 CET49737443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.708760023 CET4434973765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.773464918 CET49740443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.773510933 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:15.773837090 CET49740443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.774374962 CET49740443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:15.774391890 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:17.450900078 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:17.450990915 CET49740443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:17.452100992 CET49740443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:17.452107906 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:17.452310085 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:17.453385115 CET49740443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:17.499336004 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:18.618071079 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:18.618092060 CET4434974065.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.894476891 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.894503117 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.902513981 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.902534962 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.902582884 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.902596951 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.902623892 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.910903931 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.910923958 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.910969973 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.910984993 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.911014080 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.912309885 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.912368059 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.912380934 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.912431002 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.920852900 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.920881033 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.920923948 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.920939922 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:35.920964956 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:35.921021938 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.056031942 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.056054115 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.056103945 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.056128025 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.056155920 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.056178093 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.063419104 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.063441038 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.063481092 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.063493013 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.063519955 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.063581944 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.069799900 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.069842100 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.069873095 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.069892883 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.069916010 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.077004910 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.077049017 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.077092886 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.077115059 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.077140093 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.083441973 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.083461046 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.083507061 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.083527088 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.083551884 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.091334105 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.091356039 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.091454983 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.091469049 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.097702980 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.097723007 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.097774982 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.097795963 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.097819090 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.097846031 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.104271889 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.104291916 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.104372978 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.104404926 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.107811928 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.247796059 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.247827053 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.247881889 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.247921944 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.247952938 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.247975111 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.254405022 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.254453897 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.254496098 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.254513979 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.254542112 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.254559994 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257527113 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257591963 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257606030 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257630110 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257680893 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257730007 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257730007 CET49745443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257761955 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.257786989 CET4434974565.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.276952982 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.276988029 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:36.277051926 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.277328014 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:36.277343035 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.012685061 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.012753010 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.014578104 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.014589071 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.014923096 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.016638041 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.059376001 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.639874935 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.639900923 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.639920950 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.640019894 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.640041113 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.640090942 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.813381910 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.813410044 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.813472033 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.813483953 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.813530922 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.863146067 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.863168001 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:38.863241911 CET49746443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:38.863253117 CET4434974665.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.805365086 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.806385040 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.806457043 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.806484938 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.813522100 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.813540936 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.813631058 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.813644886 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.813709021 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.816623926 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.816734076 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.817775965 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.817851067 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.824894905 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.824915886 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.824976921 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.825000048 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.825012922 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.825047016 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.831657887 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.831684113 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.831743956 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.831758976 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.831809044 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.831830025 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.838782072 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.838802099 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.838921070 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.838934898 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.838993073 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.906646967 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.906747103 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.996808052 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.996831894 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.996943951 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.996963024 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:42.997030020 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:42.997490883 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.003287077 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.003308058 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.003382921 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.003397942 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.003427029 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.009565115 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.009589911 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.009655952 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.009669065 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.009695053 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.015861034 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.015880108 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.015964985 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.015979052 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.022315025 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.022341013 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.022416115 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.022428989 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.022461891 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.026447058 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.026495934 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.026535034 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.026549101 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.026573896 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.026602983 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.032869101 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.032897949 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.032941103 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.032977104 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.032993078 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.033032894 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.039347887 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.039376020 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.039437056 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.039448977 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.039495945 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.086230040 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.188353062 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.188375950 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.188437939 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.188458920 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.188507080 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.188527107 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.190084934 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.190155983 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.195600033 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.195620060 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.195684910 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.195697069 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.195741892 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.199116945 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.199157953 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.199204922 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.199223042 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.199275970 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205415964 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205435991 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205488920 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205502987 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205538988 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205568075 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205569029 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205580950 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.205646038 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.211632013 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.211663961 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.211721897 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.211734056 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.211786032 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.211807013 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.217524052 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.217545986 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.217593908 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.217607021 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.978203058 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.978215933 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.978275061 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.984181881 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.984205008 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.984280109 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.984292984 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.984352112 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.989995003 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.990010023 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.990082026 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.990094900 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.990159035 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.996174097 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.996187925 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.996270895 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:43.996284008 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:43.996340990 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.064054012 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.064069986 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.064167976 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.064182997 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.064248085 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.152719975 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.152734995 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.152843952 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.152872086 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.152936935 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.158660889 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.158674002 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.158773899 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.158787012 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.158849001 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.164798975 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.164813042 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.164887905 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.164900064 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.164931059 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.164952993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170104980 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170118093 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170228004 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170241117 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170300007 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170845985 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.170922995 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.176683903 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.176697016 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.176809072 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.176826954 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.176882982 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.182723999 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.182740927 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.182827950 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.182852983 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.182902098 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.188735962 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.188750029 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.188816071 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.188823938 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.188869953 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.256665945 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.256680012 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.256866932 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.256882906 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.256942034 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.341306925 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.341419935 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.346461058 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.346477032 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.346554995 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.346570015 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.352488041 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.352508068 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.352591038 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.352606058 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.357594013 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.357634068 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.357682943 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.357702971 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.357734919 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.363718987 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.363733053 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.363818884 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.363833904 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.369352102 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.369364023 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.369465113 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.369481087 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.374581099 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.374593973 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.374685049 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.374700069 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.380815983 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.380829096 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.380901098 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.380923033 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.429987907 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533601046 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533631086 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533660889 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533749104 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533818007 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533854961 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.533879042 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.538971901 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.538986921 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.539072990 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.539088011 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.539146900 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:44.544990063 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:44.545003891 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.388078928 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.388139963 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.388155937 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.388232946 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.388245106 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.388302088 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.389333963 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.389348984 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.389420033 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.389431953 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.389494896 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.390360117 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.390376091 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.390443087 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.390455961 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.390527964 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.391303062 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.391324997 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.391376019 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.391388893 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.391422033 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.391443968 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.392088890 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.392105103 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.392174006 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.392187119 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.392255068 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393066883 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393080950 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393142939 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393158913 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393212080 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393444061 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393459082 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393522978 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393534899 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393568039 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.393587112 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.394393921 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.394407988 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.394473076 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.394484997 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.394512892 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.394539118 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.395488977 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.395503998 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.395570993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.395582914 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.395641088 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.495839119 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.495853901 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.495965004 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.495990992 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.496041059 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.501172066 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.501189947 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.501267910 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.501282930 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.501354933 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.507179976 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.507193089 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.507280111 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.507307053 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.507361889 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.513185024 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.513200045 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.513279915 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.513293982 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.513360977 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.518471956 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.518486977 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.518603086 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.518616915 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.518681049 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.524719000 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.524733067 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.524816036 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.524830103 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.524888039 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.530050039 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.530064106 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.530132055 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.530145884 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.530200958 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.535927057 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.535942078 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.536042929 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.536056042 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.536158085 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.610383034 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.688009977 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.688031912 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.688107014 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.688138962 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.688200951 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.693470001 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.693485022 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.693552017 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.693569899 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.693627119 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.699444056 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.699457884 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.699532986 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.699548960 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.699578047 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.699599981 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.704637051 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.704652071 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.704719067 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.704731941 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:45.704787970 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:45.710581064 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.461808920 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.461822987 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.461894989 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.461908102 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.461968899 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.467566967 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.467580080 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.467644930 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.467658043 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.467714071 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.477070093 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.477082968 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.477148056 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.477160931 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.477220058 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.482368946 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.482383013 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.482445955 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.482460022 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.482513905 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.487663031 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.487675905 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.487740993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.487754107 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.487807989 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.493598938 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.493612051 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.493674994 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.493686914 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.493736029 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.499444008 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.499456882 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.499660969 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.499675035 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.499733925 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.666313887 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.666347027 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.666635990 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.666655064 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.666723967 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.671118021 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.671130896 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.671205997 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.671219110 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.671272993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.677144051 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.677156925 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.677232981 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.677246094 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.677294970 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.697278023 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.697290897 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.697354078 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.697367907 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.697531939 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.697531939 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.702467918 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.702481985 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.702555895 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.702569008 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.702620983 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.708455086 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.708488941 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.708576918 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.708590984 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.708647013 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.713530064 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.713543892 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.713618994 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.713632107 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.713681936 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.719432116 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.719445944 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.719513893 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.719527960 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.719573021 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.858756065 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.858774900 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.859069109 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.859087944 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.859158993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.864129066 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.864142895 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.864229918 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.864257097 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.864319086 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.869370937 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.869384050 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.869462013 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.869473934 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.869528055 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.889889002 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.889904022 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.889987946 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.890001059 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.890316963 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.895400047 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.895415068 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.895486116 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.895498991 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.895550966 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.900773048 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.900788069 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.900856972 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.900870085 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.900918007 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.906446934 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.906461000 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.906527996 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.906541109 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:46.906589985 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:46.912426949 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.642729044 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.642803907 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.642817020 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.642891884 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.681775093 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.681787968 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.681862116 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.681876898 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.681930065 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.687774897 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.687788963 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.687858105 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.687871933 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.687938929 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.693578959 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.693592072 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.693655014 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.693667889 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.693723917 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.699532986 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.699546099 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.699613094 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.699625015 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.699673891 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.716805935 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.716819048 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.716931105 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.716943979 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.716998100 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.823860884 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.823877096 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.824070930 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.824084997 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.824151993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.829065084 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.829078913 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.829153061 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.829165936 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.829226017 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.835011005 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.835025072 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.835095882 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.835108042 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.835154057 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.874443054 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.874461889 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.874656916 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.874675989 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.874746084 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.875108957 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.875169039 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.880522013 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.880549908 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.880647898 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.880661011 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.880718946 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.886368036 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.886382103 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.886456966 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.886470079 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.886523962 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.892168045 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.892183065 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.892256021 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.892268896 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.892321110 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.910430908 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.910444975 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.910531998 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:47.910545111 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:47.910725117 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.016675949 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.016690016 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.016755104 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.016767979 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.016819000 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.016819000 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.022036076 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.022049904 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.022109032 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.022120953 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.022146940 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.022180080 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.027764082 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.027772903 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.027832985 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.027843952 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.027894974 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.027894974 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.067785025 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.067799091 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.067862034 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.067893982 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.067950010 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.072887897 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.072952986 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.072998047 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.073010921 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.073044062 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.073065996 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.079087973 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.079102039 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.079161882 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.079174995 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.079202890 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.079222918 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.084732056 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.084745884 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.084803104 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.084814072 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.084844112 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.084861040 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.807375908 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.807395935 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.835881948 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.835896015 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.835943937 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.835962057 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.835984945 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.836002111 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.841061115 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.841074944 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.841124058 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.841140985 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.841165066 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.841192007 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.847469091 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.847484112 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.847532034 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.847549915 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.847575903 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.847593069 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.852955103 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.852972031 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.853024960 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.853041887 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.853065014 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.853087902 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.871582031 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.871596098 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.871644974 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.871668100 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.871690989 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.871710062 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.988251925 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.988267899 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.988513947 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.988543034 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.988610983 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.994250059 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.994265079 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.994350910 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.994364023 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.994416952 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.999474049 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.999488115 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.999571085 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:48.999583960 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:48.999635935 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.028945923 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.028959990 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.029031992 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.029043913 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.029089928 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.034949064 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.034962893 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.035021067 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.035027981 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.035074949 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.040169954 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.040188074 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.040235996 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.040242910 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.040275097 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.040288925 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.046129942 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.046143055 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.046222925 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.046230078 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.046284914 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.064513922 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.064527988 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.064632893 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.064651012 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.064815998 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.180617094 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.180633068 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.180710077 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.180725098 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.180779934 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.186558962 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.186575890 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.186640978 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.186655045 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.186707973 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.191948891 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.191967964 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.192034006 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.192048073 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.192097902 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.221376896 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.221390009 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.221457958 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.221470118 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.221529007 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.226994038 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.227010012 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.227070093 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.227082968 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.227132082 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.227458000 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.227514029 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.233405113 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.233418941 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.233483076 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.233495951 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.233549118 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.239231110 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.239244938 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.239303112 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.239330053 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.239386082 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:49.257654905 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.257668018 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:49.999991894 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.000006914 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.000097990 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.000111103 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.000164986 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.005850077 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.005877972 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.005949974 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.005963087 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.006015062 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012073040 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012085915 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012115002 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012166977 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012181997 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012212992 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.012232065 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.139465094 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.139480114 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.139585972 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.139609098 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.139666080 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.144754887 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.144768953 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.144865036 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.144877911 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.144931078 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.150579929 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.150593996 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.150670052 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.150682926 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.150732994 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.184228897 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.184242010 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.184427023 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.184427023 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.184446096 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.184509039 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.186556101 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.186640024 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.192442894 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.192456961 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.192527056 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.192540884 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.198399067 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.198417902 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.198498964 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.198514938 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.203686953 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.203697920 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.203763008 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.203785896 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.207051039 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.207089901 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.207119942 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.207135916 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.207190990 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.331309080 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.331335068 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.331444979 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.331480980 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.331657887 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.337169886 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.337183952 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.337249041 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.337265968 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.337316036 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.343106031 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.343118906 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.343208075 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.343221903 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.343276024 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.376193047 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.376208067 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.376318932 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.376337051 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.376516104 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.382178068 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.382193089 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.382263899 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.382280111 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.382334948 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.388147116 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.388161898 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.388231993 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.388246059 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.388299942 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.393254042 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.393270016 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.393332005 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.393346071 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.393398046 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.399178028 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.399193048 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.399267912 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.399281979 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.399359941 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.528810978 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.528831005 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.528930902 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.528951883 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.529011965 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.534056902 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.534071922 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.534146070 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.534158945 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.534216881 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.540122032 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.540136099 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.540196896 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 18:59:50.540210009 CET4434974765.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 18:59:50.540258884 CET49747443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 19:00:01.265538931 CET49763443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 19:00:01.265759945 CET49763443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 19:00:01.265774965 CET4434976365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:01.265784025 CET49763443192.168.2.465.9.108.213
                                                                                                                                                                                    Dec 23, 2024 19:00:01.265789032 CET4434976365.9.108.213192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:02.143335104 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:02.143385887 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:02.143512964 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:02.144011021 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:02.144032955 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:02.648869038 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:02.648910999 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:02.648974895 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:02.649202108 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:02.649214983 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:02.888679981 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:02.888731003 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:02.888803959 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:02.896466017 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:02.896481037 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.365631104 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.365695000 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.367171049 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.367178917 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.367588997 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.405812025 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.405838013 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.405847073 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.809659958 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.809827089 CET4434977634.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:03.809967995 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.809993029 CET49776443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.998517990 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:03.998554945 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.000664949 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:04.000946045 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:04.000958920 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.122553110 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.122627020 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:04.589689970 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.633142948 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:04.673109055 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:04.673116922 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.675041914 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:04.675045967 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.675059080 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:04.675065041 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.717940092 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:04.717959881 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.718204975 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.718265057 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:04.721590996 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:04.721612930 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:04.721625090 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.989473104 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:04.989494085 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:04.989553928 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:04.989844084 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:04.989855051 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.180610895 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.180706978 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.180788040 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:05.180948019 CET49777443192.168.2.452.35.239.119
                                                                                                                                                                                    Dec 23, 2024 19:00:05.180964947 CET4434977752.35.239.119192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.211694002 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.211756945 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:05.214795113 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:05.214802027 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.215003014 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.217005014 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:05.217035055 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:05.217040062 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.405831099 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.405900002 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.405960083 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:05.405961037 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:05.407296896 CET49778443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:05.407327890 CET44349778104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.663716078 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.663784981 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:05.664319038 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:05.664570093 CET49779443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:00:05.664582014 CET4434977934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:06.573121071 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:06.573200941 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:06.582819939 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:06.582834959 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:06.583060980 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:06.584613085 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:06.584650993 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:06.584655046 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:07.375655890 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:07.375878096 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:07.375978947 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:07.376046896 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:07.376046896 CET49786443192.168.2.418.161.108.224
                                                                                                                                                                                    Dec 23, 2024 19:00:07.376059055 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:07.376065969 CET4434978618.161.108.224192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:16.623752117 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:16.623853922 CET44349823104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:16.624037981 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:16.625189066 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:16.625225067 CET44349823104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:17.848197937 CET44349823104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:17.848264933 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:17.849360943 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:17.849374056 CET44349823104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:17.849580050 CET44349823104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:17.890398979 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:17.903769016 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:17.903800964 CET49823443192.168.2.4104.20.87.8
                                                                                                                                                                                    Dec 23, 2024 19:00:17.903815031 CET44349823104.20.87.8192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:00:44.959714890 CET49905443192.168.2.434.160.176.28
                                                                                                                                                                                    Dec 23, 2024 19:00:44.961343050 CET49905443192.168.2.434.160.176.28
                                                                                                                                                                                    Dec 23, 2024 19:00:44.961354971 CET4434990534.160.176.28192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:01.023475885 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:01.023514986 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:01.023633003 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:01.025926113 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:01.025938988 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:02.250310898 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:02.250375032 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:08.441631079 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:08.441646099 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:08.442624092 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:08.443037033 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:08.443084955 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:08.911845922 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:08.911997080 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:08.912091017 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:08.912317991 CET49970443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:08.912333012 CET4434997034.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:09.057796955 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:09.057838917 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:09.057904005 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:09.058197021 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:09.058212996 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.247751951 CET49995443192.168.2.434.160.176.28
                                                                                                                                                                                    Dec 23, 2024 19:01:10.247817993 CET4434999534.160.176.28192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.247901917 CET49995443192.168.2.434.160.176.28
                                                                                                                                                                                    Dec 23, 2024 19:01:10.249450922 CET49995443192.168.2.434.160.176.28
                                                                                                                                                                                    Dec 23, 2024 19:01:10.249480009 CET4434999534.160.176.28192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.284995079 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.285058022 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:10.286762953 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:10.286772013 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.287262917 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.287591934 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:10.287658930 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.750824928 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.751274109 CET4434998934.117.223.223192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:10.751333952 CET49989443192.168.2.434.117.223.223
                                                                                                                                                                                    Dec 23, 2024 19:01:11.461416960 CET4434999534.160.176.28192.168.2.4
                                                                                                                                                                                    Dec 23, 2024 19:01:11.461493969 CET49995443192.168.2.434.160.176.28
Timestamp, Source Port, Dest Port, Source IP, Dest IP
Timestamp, Source IP, Dest IP, Trans ID, OP Code, Name, Type, Class, DNS over HTTPS
Timestamp, Source IP, Dest IP, Trans ID, Reply Code, Name, CName, Address, Type, Class, DNS over HTTPS
• d3ben4sjdmrs9v.cloudfront.net
• analytics.avcdn.net
• stats.securebrowser.com
• update.norton.securebrowser.com
• shepherd.avcdn.net
• v7event.stats.avast.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49754 | 34.117.223.223 | 80 | 2836 | C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 18:59:55.719914913 CET | 175 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 268
Host: v7event.stats.avast.com
Dec 23, 2024 18:59:55.719948053 CET | 268 | OUT | Data Raw: 63 6f 6f 6b 69 65 3d 6d 6d 6d 5f 69 72 73 5f 70 70 69 5f 39 30 32 5f 34 35 31 5f 6f 0a 65 64 69 74 69 6f 6e 3d 31 35 0a 65 76 65 6e 74 3d 6d 69 63 72 6f 73 74 75 62 2d 73 74 61 72 74 0a 6d 69 64 65 78 3d 33 46 35 43 37 43 44 34 34 44 31 46 36 41
Data Ascii: cookie=mmm_irs_ppi_902_451_oedition=15event=microstub-startmidex=3F5C7CD44D1F6AC769934CADA267B4DF1173725680D0886F5A6F9D38DE669B7Astat_session=19fb230f-7b30-4399-bcf4-24d721fda304statsSendTime=1734976794os=win,10,0,2,19045,0,AMD64exe_ver
Dec 23, 2024 18:59:56.832006931 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 23 Dec 2024 17:59:56 GMT
Via: 1.1 google
Dec 23, 2024 19:00:00.854119062 CET | 175 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 283
Host: v7event.stats.avast.com
Dec 23, 2024 19:00:00.854140997 CET | 283 | OUT | Data Raw: 63 6f 6f 6b 69 65 3d 6d 6d 6d 5f 69 72 73 5f 70 70 69 5f 39 30 32 5f 34 35 31 5f 6f 0a 65 64 69 74 69 6f 6e 3d 31 35 0a 65 76 65 6e 74 3d 6d 69 63 72 6f 73 74 75 62 2d 64 6f 77 6e 6c 6f 61 64 0a 6d 69 64 65 78 3d 33 46 35 43 37 43 44 34 34 44 31
Data Ascii: cookie=mmm_irs_ppi_902_451_oedition=15event=microstub-downloadmidex=3F5C7CD44D1F6AC769934CADA267B4DF1173725680D0886F5A6F9D38DE669B7Astat_session=19fb230f-7b30-4399-bcf4-24d721fda304statsSendTime=1734976799os=win,10,0,2,19045,0,AMD64exe_
Dec 23, 2024 19:00:01.186624050 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 23 Dec 2024 18:00:01 GMT
Via: 1.1 google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 65.9.108.213 | 443 | 6932 | C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-23 17:59:04 UTC | 233 | OUT | POST /o HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 128
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 17:59:04 UTC | 128 | OUT | Data Raw: 7b 22 70 72 76 22 3a 20 22 30 2e 31 22 2c 22 70 6c 76 22 3a 20 22 32 2e 34 30 2e 31 2e 38 39 31 39 22 2c 22 6c 22 3a 20 22 65 6e 22 2c 22 61 22 3a 20 22 5a 61 79 61 74 73 22 2c 22 69 22 3a 20 22 47 61 6d 65 73 34 57 69 6e 22 2c 22 73 22 3a 20 22 5a 61 79 61 74 73 22 2c 22 75 22 3a 20 22 39 31 7a 62 5a 2d 31 22 2c 22 6f 22 3a 20 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 22 7d
Data Ascii: {"prv": "0.1","plv": "2.40.1.8919","l": "en","a": "Zayats","i": "Games4Win","s": "Zayats","u": "91zbZ-1","o": "10.0.19045.2006"}
2024-12-23 17:59:05 UTC | 489 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 16037
Connection: close
Server: awselb/2.0
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 17:59:05 GMT
                                                                                                                                                                                    cache-control: no-cache
                                                                                                                                                                                    x-true-request-id: 6fa73dd0-bbd8-4fa8-a8db-a6ae2c2d640b
                                                                                                                                                                                    x-robots-tag: none
                                                                                                                                                                                    expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                    Via: 1.1 2ca4ccff3a1366a36e81c34e56cb1296.cloudfront.net (CloudFront)
                                                                                                                                                                                    X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                    X-Amz-Cf-Id: s_PnqKEwgz5c6eANIsCj5iG0iWxuNVia4TB72en6xzm-OHFH-RSi9g==
                                                                                                                                                                                    2024-12-23 17:59:05 UTC15895INData Raw: 7b 22 76 22 3a 22 30 2e 31 22 2c 22 6c 22 3a 22 55 53 22 2c 22 69 22 3a 7b 22 63 75 22 3a 22 6d 61 67 6e 65 74 3a 3f 78 74 3d 75 72 6e 3a 62 74 69 68 3a 38 42 30 32 33 34 33 33 42 42 31 34 30 43 43 37 35 35 43 36 42 38 31 36 36 43 44 45 30 32 33 44 42 34 34 46 43 46 41 37 22 2c 22 63 74 22 3a 22 56 69 6f 6c 61 74 65 64 20 48 65 72 6f 69 6e 65 22 2c 22 63 70 22 3a 22 22 2c 22 63 74 75 22 3a 22 22 2c 22 63 6c 22 3a 22 22 2c 22 63 68 22 3a 22 67 61 6d 65 66 61 62 72 69 71 75 65 22 2c 22 63 61 22 3a 22 76 35 2e 38 33 22 2c 22 63 66 22 3a 22 6d 61 67 6e 65 74 3a 3f 78 74 3d 75 72 6e 3a 62 74 69 68 3a 38 42 30 32 33 34 33 33 42 42 31 34 30 43 43 37 35 35 43 36 42 38 31 36 36 43 44 45 30 32 33 44 42 34 34 46 43 46 41 37 22 2c 22 63 70 69 22 3a 22 22 2c 22 63 70
                                                                                                                                                                                    Data Ascii: {"v":"0.1","l":"US","i":{"cu":"magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7","ct":"Violated Heroine","cp":"","ctu":"","cl":"","ch":"gamefabrique","ca":"v5.83","cf":"magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7","cpi":"","cp
                                                                                                                                                                                    2024-12-23 17:59:05 UTC142INData Raw: 7d 5c 5c 52 41 56 41 6e 74 69 76 69 72 75 73 5c 5c 41 6e 74 69 76 69 72 75 73 49 6e 73 74 61 6c 6c 65 72 4c 69 62 2e 64 6c 6c 22 2c 22 7b 63 6f 6d 6d 6f 6e 70 66 36 34 7d 5c 5c 52 41 56 41 6e 74 69 76 69 72 75 73 5c 5c 41 6e 74 69 76 69 72 75 73 49 6e 73 74 61 6c 6c 65 72 2e 65 78 65 22 5d 2c 22 6f 76 22 3a 31 30 30 2c 22 63 62 66 6f 22 3a 74 72 75 65 2c 22 78 22 3a 31 30 2c 22 76 22 3a 31 7d 7d 5d 2c 22 63 22 3a 22 22 7d
                                                                                                                                                                                    Data Ascii: }\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49734        65.9.108.213    443               6932  C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp                Bytes transferred  Direction  Data
2024-12-23 17:59:07 UTC  326                OUT        POST /zbd HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Content-Type: application/json; Charset=UTF-8
                                                       Accept: */*
                                                       Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004a
                                                       User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                       Content-Length: 289
                                                       Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 17:59:07 UTC  289                OUT        Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"\",\"18\":\"\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":\"1\",\"7\":\"2.40.1.8919\
2024-12-23 17:59:08 UTC  427                IN         HTTP/1.1 200 OK
                                                       Content-Type: application/json; charset=utf-8
                                                       Content-Length: 15
                                                       Connection: close
                                                       Date: Mon, 23 Dec 2024 17:59:08 GMT
                                                       Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                       Access-Control-Allow-Origin: *
                                                       X-Cache: Miss from cloudfront
                                                       Via: 1.1 3795f016a55ba5101e4bd9359c7bc306.cloudfront.net (CloudFront)
                                                       X-Amz-Cf-Pop: TLV50-C2
                                                       X-Amz-Cf-Id: yKvfuGDyufCh66VMNX5y_I0MDwwW5QTOomhZLh9nqCHhcTQTrEtAZQ==
2024-12-23 17:59:08 UTC  15                 IN         Data Ascii: {"Status":"OK"}


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49736        65.9.108.213    443               6932  C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp                Bytes transferred  Direction  Data
2024-12-23 17:59:11 UTC  326                OUT        POST /zbd HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Content-Type: application/json; Charset=UTF-8
                                                       Accept: */*
                                                       Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004a
                                                       User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                       Content-Length: 370
                                                       Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 17:59:11 UTC  370                OUT        Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"Webcompanion2016FF\",\"18\":\"ZB_WebcompanionFF_new\",\"19\":\"noChGroupx1\",\"21\":\"gamefabr
2024-12-23 17:59:12 UTC  427                IN         HTTP/1.1 200 OK
                                                       Content-Type: application/json; charset=utf-8
                                                       Content-Length: 15
                                                       Connection: close
                                                       Date: Mon, 23 Dec 2024 17:59:12 GMT
                                                       Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                       Access-Control-Allow-Origin: *
                                                       X-Cache: Miss from cloudfront
                                                       Via: 1.1 90cdff7228f895ed6ae34a9448571062.cloudfront.net (CloudFront)
                                                       X-Amz-Cf-Pop: TLV50-C2
                                                       X-Amz-Cf-Id: 8_94ILec9md4jg2uPFy5Yip0Z9cE0CVCE4TjJqGyNFPRiopsOF-29Q==
2024-12-23 17:59:12 UTC  15                 IN         Data Ascii: {"Status":"OK"}


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49737        65.9.108.213    443               6932  C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp                Bytes transferred  Direction  Data
2024-12-23 17:59:14 UTC  136                OUT        GET /f/AVG_AV/images/1509/EN.png HTTP/1.1
                                                       Connection: Keep-Alive
                                                       User-Agent: Inno Setup 6.1.2
                                                       Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 17:59:15 UTC  608                IN         HTTP/1.1 200 OK
                                                       Content-Type: image/png
                                                       Content-Length: 53151
                                                       Connection: close
                                                       Last-Modified: Wed, 01 May 2024 12:21:17 GMT
                                                       x-amz-server-side-encryption: AES256
                                                       x-amz-meta-cb-modifiedtime: Tue, 30 Apr 2024 07:13:32 GMT
                                                       x-amz-version-id: t0aKL0R4FYtf2ry_kAUySb7zudCs2Esv
                                                       Accept-Ranges: bytes
                                                       Server: AmazonS3
                                                       Date: Mon, 23 Dec 2024 09:13:00 GMT
                                                       ETag: "aee8e80b35dcb3cf2a5733ba99231560"
                                                       X-Cache: Hit from cloudfront
                                                       Via: 1.1 56706a0e74c90535106878a6a2f1475c.cloudfront.net (CloudFront)
                                                       X-Amz-Cf-Pop: TLV50-C2
                                                       X-Amz-Cf-Id: p1s_1mPz_lsSc2C0xJE1rst1Erh-lMtBvPPpeLnDVYhWTwd5uZX4pA==
                                                       Age: 31576


Session ID: 4
Source IP: 192.168.2.4
Source Port: 49740
Destination IP: 65.9.108.213
Destination Port: 443
PID: 6932
Process: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp

Timestamp: 2024-12-23 17:59:17 UTC
Bytes transferred: 148
Direction: OUT
Data:
GET /f/NORTON_BRW/images/1494/547x280/EN.png HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net

Timestamp: 2024-12-23 17:59:18 UTC
Bytes transferred: 597
Direction: IN
Data:
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 47501
Connection: close
Date: Mon, 23 Dec 2024 17:59:19 GMT
Last-Modified: Wed, 03 Apr 2024 08:33:15 GMT
ETag: "1cd4a2b4a992acc9235d9facd510e236"
x-amz-server-side-encryption: AES256
x-amz-meta-cb-modifiedtime: Mon, 01 Apr 2024 07:08:58 GMT
x-amz-version-id: GXWdY.78zRFPXaJLr7zePWokY7HIn4lm
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 c71f0b857dc0e27dad67e2b7cd440f10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: ZmMRpiM2aJ2H1rq8mv6eVG7xHJDcWm5DiWPctzrlfGC_UCEceTdqmg==


Session ID: 5
Source IP: 192.168.2.4
Source Port: 49745
Destination IP: 65.9.108.213
Destination Port: 443
PID: 6932
Process: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp

Timestamp: 2024-12-23 17:59:34 UTC
Bytes transferred: 142
Direction: OUT
Data:
GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net

Timestamp: 2024-12-23 17:59:35 UTC
Bytes transferred: 628
Direction: IN
Data:
HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Content-Length: 527389
Connection: close
Last-Modified: Tue, 26 Mar 2024 13:11:30 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-cb-modifiedtime: Tue, 26 Mar 2024 13:10:42 GMT
x-amz-version-id: 7sn0EuMWH3aYiKrbA4lOPgyoNDAU9iIf
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 23 Dec 2024 09:24:39 GMT
ETag: "f68008b70822bd28c82d13a289deb418"
X-Cache: Hit from cloudfront
Via: 1.1 3795f016a55ba5101e4bd9359c7bc306.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: xRRvUmzphjyGh99puiJ15xDMcEumTY86PHj8-uJvLFlyp1d-mlH1CA==
Age: 30896


Session ID: 6
Source IP: 192.168.2.4
Source Port: 49746
Destination IP: 65.9.108.213
Destination Port: 443
PID: 6932
Process: C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp

Timestamp: 2024-12-23 17:59:38 UTC
Bytes transferred: 136
Direction: OUT
Data:
GET /f/AVG_AV/files/1319/avg.zip HTTP/1.1
Connection: Keep-Alive
User-Agent: Inno Setup 6.1.2
Host: d3ben4sjdmrs9v.cloudfront.net

Timestamp: 2024-12-23 17:59:38 UTC
Bytes transferred: 556
Direction: IN
Data:
HTTP/1.1 200 OK
Content-Type: application/zip
Content-Length: 125405
Connection: close
Last-Modified: Tue, 17 Oct 2023 08:25:24 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 7L8o.GLX1Vn.tHqh_TFMmsecTIZweR8e
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 23 Dec 2024 07:40:37 GMT
ETag: "56b0d3e1b154ae65682c167d25ec94a6"
X-Cache: Hit from cloudfront
Via: 1.1 a70d15c0de6117f8c3e081ecba9408a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TLV50-C2
X-Amz-Cf-Id: fGQX2Fz1CqtR-EeV1MfvgcXcUzPgY1fdwjpm2GuaPKdDpzmCfOcywQ==
Age: 37142


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    7 | 192.168.2.4 | 49747 | 65.9.108.213 | 443 | 6932 | C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-12-23 17:59:40 UTC | 164 | OUT | GET /f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    User-Agent: Inno Setup 6.1.2
                                                                                                                                                                                    Host: d3ben4sjdmrs9v.cloudfront.net
                                                                                                                                                                                    2024-12-23 17:59:42 UTC | 618 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Content-Type: application/x-zip-compressed
                                                                                                                                                                                    Content-Length: 5627506
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 17:59:42 GMT
                                                                                                                                                                                    Last-Modified: Thu, 25 Apr 2024 14:45:12 GMT
                                                                                                                                                                                    ETag: "c0eb1d6c28dad5e8c4c84ede4284a15a"
                                                                                                                                                                                    x-amz-server-side-encryption: AES256
                                                                                                                                                                                    x-amz-meta-cb-modifiedtime: Thu, 25 Apr 2024 14:42:48 GMT
                                                                                                                                                                                    x-amz-version-id: JAmPfSbhFAZjvy19_8x1rg5UYa5pZuKT
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                    Via: 1.1 50940f3eeb596eda1f7ea7b16cfd66f0.cloudfront.net (CloudFront)
                                                                                                                                                                                    X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                    X-Amz-Cf-Id: X71vHHTevvowSrjunLK-zQm_L1GS0UUR12PCqyA2Rtrt9trsMMw56w==


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    8 | 192.168.2.4 | 49748 | 65.9.108.213 | 443 | 6932 | C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-12-23 17:59:53 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004a
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                    Content-Length: 370
                                                                                                                                                                                    Host: d3ben4sjdmrs9v.cloudfront.net
                                                                                                                                                                                    2024-12-23 17:59:53 UTC | 370 | OUT | Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 31 32 32 33 31 33 30 30 30 34 5c 22 2c 5c 22 33 5c 22 3a 5c 22 5a 61 79 61 74 73 5c 22 2c 5c 22 34 5c 22 3a 5c 22 47 61 6d 65 73 34 57 69 6e 5c 22 2c 5c 22 35 5c 22 3a 5c 22 57 65 62 41 64 76 69 73 6f 72 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 57 65 62 41 64 76 69 73 6f 72 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 6e 6f 43 68 47 72 6f 75 70 78 31 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 67 61 6d 65 66 61 62 72 69 71 75 65 5c 22 2c 5c 22 36 5c 22 3a 5c 22 33
                                                                                                                                                                                    Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"WebAdvisor\",\"18\":\"ZB_WebAdvisor\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":\"3
                                                                                                                                                                                    2024-12-23 17:59:55 UTC427INHTTP/1.1 200 OK
                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 15
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 17:59:54 GMT
                                                                                                                                                                                    Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                    Via: 1.1 844958a6c6c19e59b7fbdd2ad9cef208.cloudfront.net (CloudFront)
                                                                                                                                                                                    X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                    X-Amz-Cf-Id: d98Sf7yZf8BWdIs8aCfxA3-BOJjoX4fw7iYuVx6JY7j0FKNEFK7aWQ==
2024-12-23 17:59:55 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 52.35.239.119 | 443 | 4600 | C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 17:59:54 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    User-Agent: SA
                                                                                                                                                                                    X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                    Content-Length: 311
                                                                                                                                                                                    Host: analytics.apis.mcafee.com
2024-12-23 17:59:54 UTC | 311 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{0B438C02-5EA3-4316-8C67-A191DE072E6D}","ea":"Process","ec":"BootStrapInstaller","el":"Started"
2024-12-23 17:59:55 UTC | 95 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 17:59:54 GMT
                                                                                                                                                                                    Content-Length: 17
                                                                                                                                                                                    Connection: close
2024-12-23 17:59:55 UTC | 17 | IN | Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49752 | 65.9.108.213 | 443 | 6932 | C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-23 17:59:57 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004a
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                    Content-Length: 378
                                                                                                                                                                                    Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 17:59:57 UTC | 378 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_AV\",\"18\":\"ZB_AVG_AV_TrustPilot\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":
2024-12-23 17:59:58 UTC | 427 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 15
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 17:59:57 GMT
                                                                                                                                                                                    Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                    Via: 1.1 81ca2982b40de033ec660f6290bc0e20.cloudfront.net (CloudFront)
                                                                                                                                                                                    X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                    X-Amz-Cf-Id: i8qW67hLm-Yed9nFbQ-L8kLjb1MKSyMiEsuBzBIPcK8Xnuu1S72iNQ==
2024-12-23 17:59:58 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49751 | 52.35.239.119 | 443 | 4600 | C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 17:59:57 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    User-Agent: SA
                                                                                                                                                                                    X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
                                                                                                                                                                                    Content-Length: 311
                                                                                                                                                                                    Host: analytics.apis.mcafee.com
2024-12-23 17:59:57 UTC | 311 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{0B438C02-5EA3-4316-8C67-A191DE072E6D}","ea":"Install","ec":"BootStrapInstaller","el":"Started"
2024-12-23 17:59:57 UTC | 95 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 17:59:57 GMT
                                                                                                                                                                                    Content-Length: 17
                                                                                                                                                                                    Connection: close
2024-12-23 17:59:57 UTC | 17 | IN | Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49763 | 65.9.108.213 | 443 | 6932 | C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:00 UTC | 326 | OUT | POST /zbd HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004a
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                    Content-Length: 368
                                                                                                                                                                                    Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 18:00:00 UTC | 368 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_BRW\",\"18\":\"ZB_Norton_BRW\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":\"3\",
2024-12-23 18:00:01 UTC | 427 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 15
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 18:00:00 GMT
                                                                                                                                                                                    Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                    Via: 1.1 927285687bace94d90da4630edce9fec.cloudfront.net (CloudFront)
                                                                                                                                                                                    X-Amz-Cf-Pop: TLV50-C2
                                                                                                                                                                                    X-Amz-Cf-Id: Nol9pWIq7RGyHcM31hZNnK74k41zw0gCSjfbVl3vBVjIPa2ln4TPpA==
2024-12-23 18:00:01 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49776 | 34.117.223.223 | 443 | 1028 | C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:03 UTC | 139 | OUT | POST /v4/receive/json/25 HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    User-Agent: Icarus Http/1.0
                                                                                                                                                                                    Content-Length: 1283
                                                                                                                                                                                    Host: analytics.avcdn.net
2024-12-23 18:00:03 UTC | 1283 | OUT | Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"f7086796-9af3-49c1-aa5f-4c43e360678e","time":1734983852959},"setup":{"common":{"operation":"install","session_id":"19fb230f-7b30-4399-bcf4-24d721fda304","stage":"sfx-start","title":""},"product":{"n
2024-12-23 18:00:03 UTC | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 18:00:03 GMT
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-23 18:00:03 UTC19INData Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
                                                                                                                                                                                    Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49777 | 52.35.239.119 | 443 | 4600 | C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:04 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 336
Host: analytics.apis.mcafee.com
2024-12-23 18:00:04 UTC | 336 | OUT | Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{0B438C02-5EA3-4316-8C67-A191DE072E6D}","ea":"PaidDistribution=true","ec":"InputParameters","el
2024-12-23 18:00:05 UTC | 95 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 18:00:04 GMT
Content-Length: 17
Connection: close
2024-12-23 18:00:05 UTC | 17 | IN | Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49778 | 104.20.87.8 | 443 | 4904 | C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:04 UTC | 324 | OUT | POST /?_=1734976801131&retry_tracking_count=0&last_request_error_code=0&last_request_error_message=&last_request_status=0&last_request_system_error=0&request_proxy=0 HTTP/1.1
Content-Type: application/json
User-Agent: NSIS_Jsisdl (Mozilla)
Host: stats.securebrowser.com
Content-Length: 4107
Cache-Control: no-cache
2024-12-23 18:00:04 UTC | 4107 | OUT | Data Ascii: { "event": "norton.installer.remote", "schema": "23", "arg_s": "1", "arg_make_default": "1", "arg_run_source": "norton_ppi_is", "av_version_avast": "", "av_version_avg": "", "avast_beta": "0", "avast_edition_id": "",
2024-12-23 18:00:05 UTC | 266 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 18:00:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f6a3fc67cca18bc-EWR
2024-12-23 18:00:05 UTC | 770 | IN | Data Ascii: 2fb{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"00bed190a2bd43538aafd55b53a03a5
2024-12-23 18:00:05 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49779 | 34.117.223.223 | 443 | 1028 | C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:05 UTC | 139 | OUT | POST /v4/receive/json/25 HTTP/1.1
Connection: Keep-Alive
User-Agent: Icarus Http/1.0
Content-Length: 1314
Host: analytics.avcdn.net
2024-12-23 18:00:05 UTC | 1314 | OUT | Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"8a7161a2-3b0a-447e-8d63-e62756ea49f0","time":1734983853222},"setup":{"common":{"operation":"install","session_id":"19fb230f-7b30-4399-bcf4-24d721fda304","stage":"sfx-preparing","title":""},"product"
2024-12-23 18:00:05 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 18:00:05 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-23 18:00:05 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49786 | 18.161.108.224 | 443 | 6932 | C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:06 UTC | 326 | OUT | POST /zbd HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
Authorization: Signature=7a3df5bffb92b105283675216c40c2064c46623fae8eca14857f2e130620004a
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 321
Host: d3ben4sjdmrs9v.cloudfront.net
2024-12-23 18:00:06 UTC | 321 | OUT | Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223130004\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"Violated Heroine\",\"18\":\"\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\
2024-12-23 18:00:07 UTC | 427 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 15
Connection: close
Date: Mon, 23 Dec 2024 18:00:07 GMT
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 12462511bf75e25d997040c6b0156390.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MRS52-P4
X-Amz-Cf-Id: Go7okCyG-gCh6uW9KpAe_xlgFl1cN6ZmWG6tuhh2dpNcnmOGFIkZ2A==
2024-12-23 18:00:07 UTC | 15 | IN | Data Ascii: {"Status":"OK"}


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    18192.168.2.449823104.20.87.84433872C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-23 18:00:17 UTC389OUTPOST /service/update2 HTTP/1.1
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    User-Agent: Google Update/1.8.1649.5;winhttp
                                                                                                                                                                                    X-Old-UID: age=-1; cnt=0
                                                                                                                                                                                    X-Goog-Update-Updater: Omaha-1.8.1649.5
                                                                                                                                                                                    X-Goog-Update-Interactivity: bg
                                                                                                                                                                                    X-Last-HR: 0x0
                                                                                                                                                                                    X-Last-HTTP-Status-Code: 0
                                                                                                                                                                                    X-Retry-Count: 0
                                                                                                                                                                                    X-HTTP-Attempts: 1
                                                                                                                                                                                    Content-Length: 935
                                                                                                                                                                                    Host: update.norton.securebrowser.com
                                                                                                                                                                                    2024-12-23 18:00:17 UTC935OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 72 65 71 75 65 73 74 20 70 72 6f 74 6f 63 6f 6c 3d 22 33 2e 30 22 20 75 70 64 61 74 65 72 3d 22 4f 6d 61 68 61 22 20 6f 6d 61 68 61 69 64 3d 22 7b 35 38 33 37 42 31 41 35 2d 42 37 32 41 2d 34 35 36 41 2d 42 30 39 46 2d 46 36 38 30 45 39 41 42 35 45 30 32 7d 22 20 75 70 64 61 74 65 72 76 65 72 73 69 6f 6e 3d 22 31 2e 38 2e 31 36 34 39 2e 35 22 20 73 68 65 6c 6c 5f 76 65 72 73 69 6f 6e 3d 22 31 2e 38 2e 31 36 34 39 2e 35 22 20 69 73 6d 61 63 68 69 6e 65 3d 22 31 22 20 69 73 5f 6f 6d 61 68 61 36 34 62 69 74 3d 22 30 22 20 69 73 5f 6f 73 36 34 62 69 74 3d 22 31 22 20 73 65 73 73 69 6f 6e 69 64 3d 22 7b 41 32 37 41 33 44 43 36 2d 44 32 44 34 2d
                                                                                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" omahaid="{5837B1A5-B72A-456A-B09F-F680E9AB5E02}" updaterversion="1.8.1649.5" shell_version="1.8.1649.5" ismachine="1" is_omaha64bit="0" is_os64bit="1" sessionid="{A27A3DC6-D2D4-
2024-12-23 18:00:18 UTC | 291 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 18:00:18 GMT
Content-Type: application/xml
Content-Length: 250
Connection: close
x-powered-by: Express
expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f6a401948e54244-EWR
2024-12-23 18:00:18 UTC | 250 | IN | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><response protocol="3.0" server="prod"><daystart elapsed_seconds="64818" elapsed_days="6536"></daystart><app appid="{5837B1A5-B72A-456A-B09F-F680E9AB5E02}" status="ok"><event status="ok"></event></app></response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49830 | 104.20.87.8 | 443 | 928 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:19 UTC | 555 | OUT | POST /service/update2?cup2key=9:2325133778&cup2hreq=ef55a330628f0611717bfccc6e8f9491ad1839bd66c44bc74ad06e0136c3ddd4 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.8.1649.5;winhttp;cup-ecdsa
X-Old-UID: age=-1; cnt=0
X-Goog-Update-AppId: {3A3642E6-DE46-4F68-9887-AA017EEFE426}
X-Goog-Update-Updater: Omaha-1.8.1649.5
X-Goog-Update-Interactivity: fg
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Content-Length: 882
Host: update.norton.securebrowser.com
2024-12-23 18:00:19 UTC | 882 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" omahaid="{5837B1A5-B72A-456A-B09F-F680E9AB5E02}" updaterversion="1.8.1649.5" shell_version="1.8.1649.5" ismachine="1" is_omaha64bit="0" is_os64bit="1" sessionid="{A27A3DC6-D2D4-
2024-12-23 18:00:20 UTC | 507 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 18:00:20 GMT
Content-Type: application/xml
Content-Length: 1024
Connection: close
x-powered-by: Express
etag: 3045022100bd962d38c666ebf53e784f451ccb4f2ec0e06aa626f5d1e34986c7422b31faaa02204de2abc77bfcdeae6ae55b34c2ef70d4a463ca092b141282d1b5cde92ffe02b5:ef55a330628f0611717bfccc6e8f9491ad1839bd66c44bc74ad06e0136c3ddd4
expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f6a4024efe7efa9-EWR
2024-12-23 18:00:20 UTC | 862 | IN | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><response protocol="3.0" server="prod"><daystart elapsed_seconds="64820" elapsed_days="6536"></daystart><app appid="{3A3642E6-DE46-4F68-9887-AA017EEFE426}" status="ok"><updatecheck status="ok"><urls><url codebase="htt
2024-12-23 18:00:20 UTC | 162 | IN | Data Ascii: e"></action><action version="131.0.27652.87" event="postinstall" onsuccess="exitsilentlyonlaunchcmd"></action></actions></manifest></updatecheck></app></response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49831 | 104.20.87.8 | 443 | 5124 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:21 UTC | 453 | OUT | GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B2436EE44-C9FF-41E5-B07B-F9DE299AFB2E%7D&osversion=10.0&servicepack= HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.8.1649.5;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: update.norton.securebrowser.com
2024-12-23 18:00:21 UTC | 327 | IN | HTTP/1.1 404 Not Found
Date: Mon, 23 Dec 2024 18:00:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: Express
content-security-policy: default-src 'none'
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f6a402e4d990f7c-EWR
2024-12-23 18:00:21 UTC | 379 | IN | Data Ascii: 174<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1
2024-12-23 18:00:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49832 | 52.35.239.119 | 443 | 4600 | C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:21 UTC | 232 | OUT | PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: SA
X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI
Content-Length: 507
Host: analytics.apis.mcafee.com
2024-12-23 18:00:21 UTC | 507 | OUT | Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-12-23 18:00:21 UTC | 95 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 18:00:21 GMT
Content-Length: 17
Connection: close
2024-12-23 18:00:21 UTC | 17 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 6f 6b 22 7d
Data Ascii: {"message": "ok"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49839 | 104.20.87.8 | 443 | 5124 | C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:23 UTC | 479 | OUT | GET /service/check2&appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&appversion=1.8.1649.5&applang=&machine=1&version=1.8.1649.5&userid=%7B2436EE44-C9FF-41E5-B07B-F9DE299AFB2E%7D&osversion=10.0&servicepack= HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Google Update/1.8.1649.5;winhttp
X-Old-UID: age=-1; cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: update.norton.securebrowser.com
2024-12-23 18:00:23 UTC | 327 | IN | HTTP/1.1 404 Not Found
Date: Mon, 23 Dec 2024 18:00:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: Express
content-security-policy: default-src 'none'
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f6a403ade80421f-EWR
2024-12-23 18:00:23 UTC | 379 | IN | Data Ascii: 174<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1
2024-12-23 18:00:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49885 | 34.117.223.223 | 443 | 1028 | C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:39 UTC | 139 | OUT | POST /v4/receive/json/25 HTTP/1.1
Connection: Keep-Alive
User-Agent: Icarus Http/1.0
Content-Length: 1365
Host: analytics.avcdn.net
2024-12-23 18:00:39 UTC | 1365 | OUT | Data Ascii: {"record":[{"event":{"type":25,"subtype":1,"request_id":"afacc6f8-422d-428e-83c9-a908d75542c6","time":1734984308351},"setup":{"common":{"operation":"install","session_id":"19fb230f-7b30-4399-bcf4-24d721fda304","stage":"sfx-running-icarus","title":"AVG Ant
2024-12-23 18:00:39 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 18:00:39 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-23 18:00:39 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49891 | 34.117.223.223 | 443 | 6376 | C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:40 UTC | 243 | OUT | POST /v4/receive/json/25 HTTP/1.1
Host: analytics.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Content-Length: 2218
2024-12-23 18:00:40 UTC | 2218 | OUT | Data Ascii: {"record":[{"event" : {"request_id" : "f1bebd87-8dab-4751-88f5-01707a0ba959","subtype" : 1,"time" : 1734983890529,"type" : 25},"identity" : {"endpoint_id" : "531b5318-f1b7-4b75-9a46-63ded7864c83","fingerprint" : "EA2738CA0C4FAA
2024-12-23 18:00:40 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 18:00:40 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-23 18:00:40 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49893 | 34.160.176.28 | 443 | 6376 | C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:40 UTC | 426 | OUT | GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_edi=15&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DF1173725680D0886F5A6F9D38DE669B7A&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av&p_ram=8191&p_vbd=9725&p_vep=24&p_ves=12&p_vre=2390&repoid=release& HTTP/1.1
Host: shepherd.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
2024-12-23 18:00:40 UTC | 586 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 18:00:40 GMT
Content-Type: text/plain
Content-Length: 760
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 41
Config-Name: Icarus_ipm-messaging-in-22.11-and-higher_avg-av-release_avg-av-51d1a2ee7e934c7dc261eada94f8347942f7e8f283e725085eaec7cd8292a2b5
Config-Version: 624
Segments: ipm messaging in 22.11 and higher,avg-av release,avg-av
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-12-23 18:00:40 UTC | 760 | IN | Data Ascii:
[ui.offer.actions]
url=https://ipm.avcdn.net/
[ui.offer.welcome]
loadtimer=10000
url=https://ipm.avcdn.net/
[reporting]
disable_checkforupdates=1
report_action_ids=RID_001,RID_002
[common]
after_run=1
config-def-url=https://shepherd.avcdn.net/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49905 | 34.160.176.28 | 443 | 6376 | C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:00:44 UTC | 421 | OUT | GET /?p_age=0&p_bld=mmm_irs_ppi_902_451_o&p_cpua=x64&p_icar=1&p_lng=en&p_midex=3F5C7CD44D1F6AC769934CADA267B4DF1173725680D0886F5A6F9D38DE669B7A&p_ost=0&p_osv=10.0&p_pro=111&p_prod=avg-av-vps&p_ram=8191&p_vbd=2304&p_vep=24&p_ves=12&p_vre=8777&repoid=release& HTTP/1.1
Host: shepherd.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
2024-12-23 18:00:44 UTC | 542 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 18:00:44 GMT
Content-Type: text/plain
Content-Length: 579
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 41
Config-Name: Icarus_ipm-messaging-in-22.11-and-higher-6f6731d3927a902e5458089ae4bf8e173bcfc4c29bdbb4e72f209f56c9856d53
Config-Version: 624
Segments: ipm messaging in 22.11 and higher
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-12-23 18:00:44 UTC | 579 | IN | Data Ascii:
[ui.offer.actions]
url=https://ipm.avcdn.net/
[ui.offer.welcome]
loadtimer=10000
url=https://ipm.avcdn.net/
[reporting]
disable_checkforupdates=1
report_action_ids=RID_001,RID_002
[common]
after_run=1
config-def-url=https://shepherd.avcdn.net/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49970 | 34.117.223.223 | 443 | 6376 | C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 18:01:08 UTC | 243 | OUT | POST /v4/receive/json/25 HTTP/1.1
Host: analytics.avcdn.net
User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
Accept: */*
Accept-Encoding: deflate, gzip
Content-Type: application/json
Content-Length: 3437
2024-12-23 18:01:08 UTC | 3437 | OUT | Data Ascii: {"record":[{"event" : {"request_id" : "2314d992-52f4-4263-8a75-6b57858a27f8","subtype" : 1,"time" : 1734983912751,"type" : 25},"identity" : {"endpoint_id" : "531b5318-f1b7-4b75-9a46-63ded7864c83","fingerprint" : "EA2738CA0C4FAA
2024-12-23 18:01:08 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 18:01:08 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-23 18:01:08 UTC | 19 | IN | Data Ascii: {"processed": true}


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                    28192.168.2.44998934.117.223.223443
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-23 18:01:10 UTC243OUTPOST /v4/receive/json/25 HTTP/1.1
                                                                                                                                                                                    Host: analytics.avcdn.net
                                                                                                                                                                                    User-Agent: libcurl/8.7.0-DEV Schannel zlib/1.3.1 c-ares/1.28.1 nghttp2/1.48.0
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Encoding: deflate, gzip
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Length: 4033
2024-12-23 18:01:10 UTC | 4033 | OUT | Data Raw: 7b 22 72 65 63 6f 72 64 22 3a 5b 7b 0a 09 22 65 76 65 6e 74 22 20 3a 20 0a 09 7b 0a 09 09 22 72 65 71 75 65 73 74 5f 69 64 22 20 3a 20 22 65 39 31 35 64 30 32 37 2d 36 64 38 30 2d 34 62 61 35 2d 61 38 38 30 2d 36 38 35 64 30 35 32 37 30 31 34 39 22 2c 0a 09 09 22 73 75 62 74 79 70 65 22 20 3a 20 31 2c 0a 09 09 22 74 69 6d 65 22 20 3a 20 31 37 33 34 39 37 36 38 36 37 38 36 32 2c 0a 09 09 22 74 79 70 65 22 20 3a 20 32 35 0a 09 7d 2c 0a 09 22 69 64 65 6e 74 69 74 79 22 20 3a 20 0a 09 7b 0a 09 09 22 65 6e 64 70 6f 69 6e 74 5f 69 64 22 20 3a 20 22 35 33 31 62 35 33 31 38 2d 66 31 62 37 2d 34 62 37 35 2d 39 61 34 36 2d 36 33 64 65 64 37 38 36 34 63 38 33 22 2c 0a 09 09 22 66 69 6e 67 65 72 70 72 69 6e 74 22 20 3a 20 22 45 41 32 37 33 38 43 41 30 43 34 46 41 41
                                                                                                                                                                                    Data Ascii: {"record":[{"event" : {"request_id" : "e915d027-6d80-4ba5-a880-685d05270149","subtype" : 1,"time" : 1734976867862,"type" : 25},"identity" : {"endpoint_id" : "531b5318-f1b7-4b75-9a46-63ded7864c83","fingerprint" : "EA2738CA0C4FAA
2024-12-23 18:01:10 UTC | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Mon, 23 Dec 2024 18:01:10 GMT
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
2024-12-23 18:01:10 UTC | 19 | IN | Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
                                                                                                                                                                                    Data Ascii: {"processed": true}


                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:12:58:55
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:14'472'936 bytes
                                                                                                                                                                                    MD5 hash:6E4C8F2488186375ECC5701AE74A2A19
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                    Start time:12:58:56
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-VOOGM.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$10418,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:3'025'328 bytes
                                                                                                                                                                                    MD5 hash:B1F49F39D06B2CFDF18C9C19DAAA4C4F
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                    Start time:12:59:51
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                                                                                                                                                                    Imagebase:0x620000
                                                                                                                                                                                    File size:1'184'128 bytes
                                                                                                                                                                                    MD5 hash:143255618462A577DE27286A272584E1
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                    Start time:12:59:54
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA
                                                                                                                                                                                    Imagebase:0xef0000
                                                                                                                                                                                    File size:234'936 bytes
                                                                                                                                                                                    MD5 hash:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                    Start time:12:59:57
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:5'727'368 bytes
                                                                                                                                                                                    MD5 hash:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                    Start time:12:59:59
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Windows\Temp\asw.637ee06e7bed0476\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /ga_clientid:19fb230f-7b30-4399-bcf4-24d721fda304 /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476
                                                                                                                                                                                    Imagebase:0x600000
                                                                                                                                                                                    File size:1'691'384 bytes
                                                                                                                                                                                    MD5 hash:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                    Start time:13:00:02
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe "qBittorrent" ENABLE
                                                                                                                                                                                    Imagebase:0x1560000
                                                                                                                                                                                    File size:82'432 bytes
                                                                                                                                                                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                    Start time:13:00:02
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                    Start time:13:00:03
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-RB179.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7
                                                                                                                                                                                    Imagebase:0x4d0000
                                                                                                                                                                                    File size:23'891'968 bytes
                                                                                                                                                                                    MD5 hash:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                    Start time:13:00:03
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                    Imagebase:0x7ff6eef20000
                                                                                                                                                                                    File size:55'320 bytes
                                                                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                    Start time:13:00:04
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\nse2168.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                    Imagebase:0xdb0000
                                                                                                                                                                                    File size:1'910'576 bytes
                                                                                                                                                                                    MD5 hash:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                    Start time:13:00:08
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\GUM3C03.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                    Imagebase:0xcc0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                    Start time:13:00:09
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                    Imagebase:0x7ff70f330000
                                                                                                                                                                                    File size:55'320 bytes
                                                                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                    Start time:13:00:09
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6932 -ip 6932
                                                                                                                                                                                    Imagebase:0xc60000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                    Start time:13:00:09
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900
                                                                                                                                                                                    Imagebase:0xc60000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                    Start time:13:00:12
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                    Start time:13:00:12
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                    Start time:13:00:12
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                    Imagebase:0x7ff7fa4f0000
                                                                                                                                                                                    File size:438'592 bytes
                                                                                                                                                                                    MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                    Start time:13:00:12
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                    Imagebase:0x7ff7fa4f0000
                                                                                                                                                                                    File size:438'592 bytes
                                                                                                                                                                                    MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                    Start time:13:00:12
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                    Imagebase:0x7ff7fa4f0000
                                                                                                                                                                                    File size:438'592 bytes
                                                                                                                                                                                    MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:25
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:26
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
                                                                                                                                                                                    Imagebase:0xfb0000
                                                                                                                                                                                    File size:383'232 bytes
                                                                                                                                                                                    MD5 hash:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:27
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:28
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
                                                                                                                                                                                    Imagebase:0x7ff674c00000
                                                                                                                                                                                    File size:404'480 bytes
                                                                                                                                                                                    MD5 hash:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:29
                                                                                                                                                                                    Start time:13:00:14
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:30
                                                                                                                                                                                    Start time:13:00:15
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                    Imagebase:0x560000
                                                                                                                                                                                    File size:69'632 bytes
                                                                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                    Start time:13:00:15
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{A27A3DC6-D2D4-478A-9CCF-B911701B2750}" /silent
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                    Start time:13:00:16
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                    Start time:13:00:16
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
                                                                                                                                                                                    Imagebase:0xbb0000
                                                                                                                                                                                    File size:440'608 bytes
                                                                                                                                                                                    MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                    Start time:13:00:36
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304
                                                                                                                                                                                    Imagebase:0x7ff64a400000
                                                                                                                                                                                    File size:8'425'288 bytes
                                                                                                                                                                                    MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:36
                                                                                                                                                                                    Start time:13:00:36
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6932 -ip 6932
                                                                                                                                                                                    Imagebase:0xc60000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:37
                                                                                                                                                                                    Start time:13:00:37
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 900
                                                                                                                                                                                    Imagebase:0xc60000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:38
                                                                                                                                                                                    Start time:13:00:57
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av_slave_ep_63b86fed-aea9-4111-ad96-744efd95243c /slave:avg-av
                                                                                                                                                                                    Imagebase:0x7ff747470000
                                                                                                                                                                                    File size:8'425'288 bytes
                                                                                                                                                                                    MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                    Start time:13:00:57
                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                    Path:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\Temp\asw-68886095-5cd9-4786-af02-863a3db48033\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uVqgFwEetG2YrERbXxkFUeIK03xOGhzFcWeXYgx8kX0NdQWIQXRA4X2Goh2XLWbdA /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.637ee06e7bed0476 /track-guid:19fb230f-7b30-4399-bcf4-24d721fda304 /er_master:master_ep_2869db59-6f7a-48d3-bf23-5c3c7703e063 /er_ui:ui_ep_1bbc812c-1bbf-487d-90c3-6635e6dd44c1 /er_slave:avg-av-vps_slave_ep_a7fad2ef-b0bc-4eca-ba79-b29dd4a7a8de /slave:avg-av-vps
                                                                                                                                                                                    Imagebase:0x7ff6a7bc0000
                                                                                                                                                                                    File size:8'425'288 bytes
                                                                                                                                                                                    MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:6.8%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                      Signature Coverage:11.2%
                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                      Total number of Limit Nodes:45
__ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84059->84061 84062 634fb0 84060->84062 84063 63590c 84061->84063 84065 631b84 79 API calls 84062->84065 84063->84012 84066 634fd1 84065->84066 84068 631be0 76 API calls 84066->84068 84067 635020 84069 63507b __cftof 84067->84069 84070 63502e 84067->84070 84071 634fe1 84068->84071 84076 6a8760 27 API calls 84069->84076 84072 639bb0 125 API calls 84070->84072 84073 63136c 163 API calls 84071->84073 84074 635033 84072->84074 84082 634fec 84073->84082 84075 639940 164 API calls 84074->84075 84077 635043 84075->84077 84078 6350c0 84076->84078 84079 631b84 79 API calls 84077->84079 84080 6350d6 84078->84080 84550 646bd0 29 API calls 3 library calls 84078->84550 84081 63505b 84079->84081 84333 635e16 84080->84333 84086 631be0 76 API calls 84081->84086 84572 6359c2 ReleaseMutex 84082->84572 84089 63506b 84086->84089 84087 6358ce 84087->84055 84090 6358d4 CoUninitialize 84087->84090 84088 6350e7 84091 6350f2 84088->84091 84095 635143 84088->84095 84092 63136c 163 API calls 84089->84092 84090->84055 84093 639bb0 125 API calls 84091->84093 84092->84082 84094 6350f7 84093->84094 84096 639940 164 API calls 84094->84096 84339 663670 84095->84339 84098 635107 84096->84098 84100 631b84 79 API calls 84098->84100 84103 635123 84100->84103 84101 6351f7 CommandLineToArgvW 84112 635235 84101->84112 84113 635284 __cftof 84101->84113 84102 6351ab 84104 639bb0 125 API calls 84102->84104 84105 631be0 76 API calls 84103->84105 84106 6351b0 84104->84106 84107 635133 84105->84107 84108 639940 164 API calls 84106->84108 84109 63136c 163 API calls 84107->84109 84111 6351c0 84108->84111 84118 63513e 84109->84118 84114 631b84 79 API calls 84111->84114 84115 639bb0 125 API calls 84112->84115 84117 635296 GetModuleFileNameW 84113->84117 84116 6351dc 84114->84116 84120 63523a 84115->84120 84121 631be0 76 API calls 84116->84121 84122 6352b2 84117->84122 84123 63531d 84117->84123 84571 635946 IsProcessorFeaturePresent 
SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 84118->84571 84124 639940 164 API calls 84120->84124 84151 6351ec 84121->84151 84126 639bb0 125 API calls 84122->84126 84373 63d730 84123->84373 84127 63524a 84124->84127 84129 6352b7 84126->84129 84130 631b84 79 API calls 84127->84130 84128 63532c __cftof 84134 635344 GetLongPathNameW 84128->84134 84132 639940 164 API calls 84129->84132 84133 635266 84130->84133 84131 63136c 163 API calls 84131->84118 84135 6352c7 84132->84135 84136 631be0 76 API calls 84133->84136 84137 63536d 84134->84137 84177 635416 84134->84177 84138 631b84 79 API calls 84135->84138 84139 635276 GetLastError 84136->84139 84140 639bb0 125 API calls 84137->84140 84141 6352e3 84138->84141 84143 6352ff 84139->84143 84144 635372 84140->84144 84145 631be0 76 API calls 84141->84145 84551 636140 84143->84551 84148 639940 164 API calls 84144->84148 84149 6352f3 GetLastError 84145->84149 84149->84143 84151->84131 84398 63171d 84177->84398 84262 65d6fd 84261->84262 84263 65d6df GetProcAddress 84261->84263 84262->84020 84263->84262 84264 65d6ef 84263->84264 84264->84020 84573 634c8e GetCurrentProcessId 84265->84573 84268 634df0 84268->84026 84268->84027 84269 634d7f CreateMutexW 84270 634d92 84269->84270 84271 634df4 WaitForSingleObject 84269->84271 84273 639bb0 125 API calls 84270->84273 84271->84268 84272 634e06 84271->84272 84272->84268 84274 634e0b CloseHandle 84272->84274 84275 634d97 84273->84275 84274->84268 84276 639940 164 API calls 84275->84276 84277 634da5 84276->84277 84278 631b84 79 API calls 84277->84278 84279 634dc2 84278->84279 84280 631be0 76 API calls 84279->84280 84281 634dd0 GetLastError 84280->84281 84282 636140 75 API calls 84281->84282 84283 634de7 84282->84283 84284 63136c 163 API calls 84283->84284 84284->84268 84286 635a5e __EH_prolog3_GS 84285->84286 85070 635c1e 84286->85070 84289 635a78 84291 639bb0 125 API calls 84289->84291 84290 635b92 _com_issue_error 84292 635a7d 84291->84292 84293 
639940 164 API calls 84292->84293 84294 635a8d 84293->84294 84296 631b84 79 API calls 84294->84296 84295 635acc 84295->84290 84297 635af5 84295->84297 84298 635b38 84295->84298 84299 635aa9 84296->84299 84301 639bb0 125 API calls 84297->84301 84300 639bb0 125 API calls 84298->84300 84302 631be0 76 API calls 84299->84302 84303 635b3d 84300->84303 84304 635afa 84301->84304 84305 635ab9 84302->84305 84306 639940 164 API calls 84303->84306 84307 639940 164 API calls 84304->84307 85077 636300 75 API calls 84305->85077 84309 635b4d 84306->84309 84310 635b0a 84307->84310 84312 631b84 79 API calls 84309->84312 84313 631b84 79 API calls 84310->84313 84311 635ac7 84315 63136c 163 API calls 84311->84315 84314 635b69 84312->84314 84316 635b26 84313->84316 84317 631be0 76 API calls 84314->84317 84318 635b84 84315->84318 84319 631be0 76 API calls 84316->84319 84317->84311 85078 6a8def 5 API calls __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 84318->85078 84319->84305 84323 6a8713 moneypunct 27 API calls 84322->84323 84324 634f78 84323->84324 84325 635d57 84324->84325 84326 635d63 __EH_prolog3 84325->84326 84327 6a8713 moneypunct 27 API calls 84326->84327 84328 635d7c Concurrency::cancel_current_task moneypunct 84327->84328 84328->84048 84330 635dc2 __EH_prolog3 84329->84330 84331 6a8713 moneypunct 27 API calls 84330->84331 84332 635ddb moneypunct 84331->84332 84332->84067 84334 635e22 __EH_prolog3 84333->84334 84335 6a8713 moneypunct 27 API calls 84334->84335 84336 635e3b 84335->84336 85079 635eee 84336->85079 84338 635e6c moneypunct 84338->84088 84340 6636ae 84339->84340 84371 663977 84340->84371 85084 646d24 84340->85084 84342 663750 84343 6a8713 moneypunct 27 API calls 84342->84343 84342->84371 84344 66375f 84343->84344 84347 663799 84344->84347 85251 668ba0 27 API calls moneypunct 84344->85251 84346 6639df 84348 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84346->84348 85130 669400 GetModuleHandleW 84347->85130 84350 6351a7 
84348->84350 84350->84101 84350->84102 84371->84346 85258 668650 84371->85258 84374 63d796 84373->84374 84375 63d76f 84373->84375 84376 63d7ab 84374->84376 84383 63d8bc 84374->84383 84375->84128 84377 63da86 84376->84377 84382 63d80b 84376->84382 84395 63d7de _Yarn Concurrency::cancel_current_task 84376->84395 86296 6334d0 21 API calls collate 84377->86296 84379 63da90 86297 6334d0 21 API calls collate 84379->86297 84380 63da8b Concurrency::cancel_current_task 84380->84379 84382->84380 84384 63d872 84382->84384 84385 63d84b 84382->84385 84383->84379 84383->84380 84391 63d953 84383->84391 84392 63d97a 84383->84392 84383->84395 84390 6a8713 moneypunct 27 API calls 84384->84390 84384->84395 84385->84380 84388 63d856 84385->84388 84386 6ad60f 11 API calls 84393 63da9a 84386->84393 84387 63da69 Concurrency::cancel_current_task 84387->84128 84389 6a8713 moneypunct 27 API calls 84388->84389 84389->84395 84390->84395 84391->84380 84394 63d95e 84391->84394 84392->84395 84397 6a8713 moneypunct 27 API calls 84392->84397 84396 6a8713 moneypunct 27 API calls 84394->84396 84395->84386 84395->84387 84396->84395 84397->84395 84399 631725 84398->84399 84399->84399 84400 63347e 28 API calls 84399->84400 84515 639c45 84514->84515 84516 639bef 84514->84516 88356 6b41c9 48 API calls CallUnexpected 84515->88356 84517 639c27 84516->84517 88326 639c50 84516->88326 84520 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84517->84520 84523 634e7a 84520->84523 84524 639940 84523->84524 84525 639985 84524->84525 84526 639a1c 84524->84526 84525->84526 84529 63998e __cftof 84525->84529 88435 63b420 163 API calls 2 library calls 84526->88435 84528 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84530 634e8a 84528->84530 88432 63b420 163 API calls 2 library calls 84529->88432 84539 631b84 84530->84539 84532 6399d5 88433 639820 76 API calls 84532->88433 84534 6399e9 88434 63b690 79 API calls Concurrency::cancel_current_task 84534->88434 84536 
6399f8 84537 63b8a0 163 API calls 84536->84537 84538 639a00 std::ios_base::_Ios_base_dtor 84537->84538 84538->84528 84540 631bb6 84539->84540 84541 631bbf 84539->84541 88436 6380b0 84540->88436 84543 631be0 84541->84543 84544 631c27 84543->84544 84545 631c1c 84543->84545 84547 63136c 84544->84547 88479 6320a0 76 API calls 4 library calls 84545->88479 84548 63b8a0 163 API calls 84547->84548 84549 63139a std::ios_base::_Ios_base_dtor 84548->84549 84549->84021 84550->84080 84571->84082 84572->84087 84574 634cb0 CreateToolhelp32Snapshot 84573->84574 84575 634cc5 Process32FirstW 84574->84575 84583 634cdd 84574->84583 84575->84583 84576 634d44 84579 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84576->84579 84578 634ce3 Process32NextW 84578->84583 84581 634d58 84579->84581 84580 634cf9 CloseHandle 84580->84583 84581->84268 84581->84269 84582 6b2041 49 API calls 84582->84583 84583->84574 84583->84576 84583->84578 84583->84580 84583->84582 84584 633899 5 API calls 84583->84584 84585 644590 84583->84585 84584->84583 84596 644760 84585->84596 84588 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84589 64468c 84588->84589 84589->84583 84590 644693 84607 6ad60f 84590->84607 84591 644650 Concurrency::cancel_current_task 84591->84588 84611 644200 OpenProcess 84596->84611 84598 6447a8 84601 6447b2 84598->84601 84683 63daa0 29 API calls 4 library calls 84598->84683 84599 6447e2 Concurrency::cancel_current_task 84602 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84599->84602 84601->84599 84603 644935 84601->84603 84604 644604 84602->84604 84605 6ad60f 11 API calls 84603->84605 84604->84590 84604->84591 84606 64493a 84605->84606 84608 6ad61e 84607->84608 85060 6ad62c IsProcessorFeaturePresent 84608->85060 84610 6ad62b 84612 644267 84611->84612 84619 644310 84611->84619 84613 639bb0 125 API calls 84612->84613 84614 64426c 84613->84614 84616 639940 164 API calls 84614->84616 84618 64427c 
84616->84618 84617 644351 QueryFullProcessImageNameW 84617->84619 84620 644375 GetLastError 84617->84620 84622 631b84 79 API calls 84618->84622 84621 64447f 84619->84621 84684 6446c0 84619->84684 84620->84619 84623 644387 84620->84623 84624 639bb0 125 API calls 84621->84624 84625 644298 84622->84625 84626 639bb0 125 API calls 84623->84626 84628 644484 84624->84628 84716 631cc0 76 API calls 84625->84716 84627 64438c 84626->84627 84630 639940 164 API calls 84627->84630 84631 639940 164 API calls 84628->84631 84633 64439c 84630->84633 84634 644494 84631->84634 84632 6442a3 84635 636140 75 API calls 84632->84635 84637 631b84 79 API calls 84633->84637 84638 631b84 79 API calls 84634->84638 84636 6442b1 84635->84636 84639 644940 76 API calls 84636->84639 84640 6443b8 84637->84640 84641 6444b0 84638->84641 84643 6442bc GetLastError 84639->84643 84690 6449d0 84640->84690 84642 631be0 76 API calls 84641->84642 84645 6444c0 84642->84645 84646 636140 75 API calls 84643->84646 84648 636140 75 API calls 84645->84648 84649 6442d3 84646->84649 84647 6443c3 84650 636140 75 API calls 84647->84650 84651 6444ce 84648->84651 84652 63b8a0 163 API calls 84649->84652 84653 6443d1 84650->84653 84717 644a60 76 API calls 84651->84717 84661 6442de std::ios_base::_Ios_base_dtor 84652->84661 84695 644940 84653->84695 84656 6444d9 84658 634190 5 API calls 84656->84658 84657 6443dc 84659 636140 75 API calls 84657->84659 84660 6444f5 84658->84660 84662 6443ea 84659->84662 84663 63b8a0 163 API calls 84660->84663 84665 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84661->84665 84700 63b8a0 84662->84700 84668 644462 std::ios_base::_Ios_base_dtor Concurrency::cancel_current_task 84663->84668 84666 64457a 84665->84666 84666->84598 84667 6443f5 std::ios_base::_Ios_base_dtor 84667->84668 84670 644581 84667->84670 84668->84661 84669 64455a CloseHandle 84668->84669 84669->84661 84671 6ad60f 11 API calls 84670->84671 84672 644586 84671->84672 84673 644760 203 API calls 
84672->84673 84674 644604 84673->84674 84677 644693 84674->84677 84678 644650 Concurrency::cancel_current_task 84674->84678 84675 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84676 64468c 84675->84676 84676->84598 84679 6ad60f 11 API calls 84677->84679 84678->84675 84680 644698 84679->84680 84681 6446b3 84680->84681 84682 6446ac CloseHandle 84680->84682 84681->84598 84682->84681 84683->84601 84685 6446d3 84684->84685 84686 6446e9 84684->84686 84685->84617 84689 6446fa 84686->84689 84718 638eb0 28 API calls 4 library calls 84686->84718 84688 64474a 84688->84617 84689->84617 84691 644a0c 84690->84691 84692 644a3e 84690->84692 84719 6320a0 76 API calls 4 library calls 84691->84719 84692->84647 84694 644a1e 84694->84647 84696 64497c 84695->84696 84697 6449ae 84695->84697 84720 6320a0 76 API calls 4 library calls 84696->84720 84697->84657 84699 64498e 84699->84657 84701 63b8ff 84700->84701 84709 63b96c Concurrency::cancel_current_task 84700->84709 84721 639ab0 84701->84721 84703 63b910 84726 63ba20 84703->84726 84706 63b9e0 84706->84667 84707 63b927 84740 6407c0 84707->84740 84814 6420f0 84707->84814 84818 640890 84707->84818 84708 63b93c 84708->84709 84710 63ba0d 84708->84710 84888 63cd20 84709->84888 84711 6ad60f 11 API calls 84710->84711 84712 63ba12 84711->84712 84716->84632 84717->84656 84718->84688 84719->84694 84720->84699 84722 639b1a 84721->84722 84723 639aec 84721->84723 84722->84703 84891 6320a0 76 API calls 4 library calls 84723->84891 84725 639afa 84725->84703 84729 63ba83 84726->84729 84727 63bba2 84906 6334d0 21 API calls collate 84727->84906 84729->84727 84731 63bb9d Concurrency::cancel_current_task 84729->84731 84733 63bb43 84729->84733 84734 63bb64 84729->84734 84739 63baca _Yarn 84729->84739 84730 63bb50 84732 6ad60f 11 API calls 84730->84732 84730->84739 84731->84727 84735 63bbac 84732->84735 84733->84731 84736 63bb4a 84733->84736 84738 6a8713 moneypunct 27 API calls 84734->84738 84734->84739 84892 6a8713 84736->84892 
84738->84739 84739->84707 84741 6407cb Concurrency::cancel_current_task 84740->84741 84742 6ad60f 11 API calls 84741->84742 84743 64083b Concurrency::cancel_current_task __Mtx_destroy_in_situ 84741->84743 84744 640884 84742->84744 84743->84708 84907 693bab 84744->84907 84747 641045 85017 693faf 84747->85017 84748 6408e8 84749 6408f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 84748->84749 84753 640a51 __cftof 84748->84753 84754 640911 84749->84754 84766 640fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 84749->84766 84751 64104b 84752 6ad60f 11 API calls 84751->84752 84940 643110 84753->84940 84910 63f520 84754->84910 84755 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84758 64103f 84755->84758 84758->84708 84759 640a84 84760 640fa9 84759->84760 84765 6a8713 moneypunct 27 API calls 84759->84765 84812 640c43 _Yarn 84759->84812 85016 642b90 73 API calls Concurrency::cancel_current_task 84760->85016 84761 640991 84925 63e640 84761->84925 84769 640ae1 __cftof 84765->84769 84766->84755 84978 693367 84769->84978 84771 6409ec Concurrency::cancel_current_task 84773 640a31 84771->84773 84774 640a1d 84771->84774 84773->84753 84774->84766 84955 6389b0 84812->84955 84815 6420f9 84814->84815 84817 642123 84814->84817 84815->84817 85036 6b4ef7 84815->85036 84817->84708 84819 693bab 13 API calls 84818->84819 84820 6408dd 84819->84820 84821 641045 84820->84821 84822 6408e8 84820->84822 84824 693faf 79 API calls 84821->84824 84823 6408f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 84822->84823 84827 640a51 __cftof 84822->84827 84828 640911 84823->84828 84840 640fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 84823->84840 84825 64104b 84824->84825 84826 6ad60f 11 API calls 84825->84826 84836 640f65 84826->84836 84830 643110 102 API calls 84827->84830 84831 63f520 28 API calls 84828->84831 84829 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84832 64103f 84829->84832 84833 640a84 84830->84833 84835 640991 
84831->84835 84832->84708 84834 640fa9 84833->84834 84839 6a8713 moneypunct 27 API calls 84833->84839 84886 640c43 _Yarn 84833->84886 85051 642b90 73 API calls Concurrency::cancel_current_task 84834->85051 84838 63e640 87 API calls 84835->84838 85052 6328d1 27 API calls 3 library calls 84836->85052 84841 6409a4 84838->84841 84843 640ae1 __cftof 84839->84843 84840->84829 84841->84825 84845 6409ec Concurrency::cancel_current_task 84841->84845 84854 693367 std::_Lockit::_Lockit 7 API calls 84843->84854 84844 6389b0 27 API calls 84849 640d38 84844->84849 84847 640a31 84845->84847 84848 640a1d 84845->84848 84846 641087 84850 6aa332 Concurrency::cancel_current_task RaiseException 84846->84850 84847->84827 84853 640a42 LocalFree 84847->84853 84848->84840 84852 640a25 LocalFree 84848->84852 84855 632c9c 5 API calls 84849->84855 84861 640d68 84849->84861 84851 641098 84850->84851 84852->84840 84853->84827 84857 640b0d 84854->84857 84855->84861 84856 632c9c 5 API calls 84858 640e1f 84856->84858 85044 693184 72 API calls 2 library calls 84857->85044 84869 640e6e 84858->84869 84887 642380 70 API calls 84858->84887 84860 640b55 85045 6933f6 48 API calls 4 library calls 84860->85045 84861->84834 84861->84836 84861->84856 84863 640b61 85046 633128 72 API calls 3 library calls 84863->85046 84865 640b8b 84866 693084 std::locale::_Init 57 API calls 84865->84866 84867 640b9c 84866->84867 85047 6931e9 77 API calls 3 library calls 84867->85047 84869->84834 84871 643030 73 API calls 84869->84871 84873 640f29 84871->84873 84873->84836 84874 640f78 84873->84874 85049 63e790 34 API calls 2 library calls 84874->85049 84881 640f9f 85050 641740 28 API calls 84881->85050 84886->84844 84887->84869 85053 63cc80 84888->85053 84890 63cd2f Concurrency::cancel_current_task 84890->84706 84891->84725 84893 6a8718 84892->84893 84894 6b594f _Yarn 15 API calls 84893->84894 84895 6a8732 84893->84895 84896 6bf60f moneypunct EnterCriticalSection LeaveCriticalSection 84893->84896 84898 633599 moneypunct 
84893->84898 84894->84893 84895->84730 84896->84893 84897 6a873e 84897->84897 84898->84897 84899 6aa332 Concurrency::cancel_current_task RaiseException 84898->84899 84900 6335c5 84898->84900 84899->84898 84901 6a8713 moneypunct 27 API calls 84900->84901 84903 6335cb 84901->84903 84902 6335d2 84902->84730 84903->84902 84904 6ad62c __Getctype 11 API calls 84903->84904 84905 6ad62b 84904->84905 84908 69394b 13 API calls 84907->84908 84909 6408dd 84908->84909 84909->84747 84909->84748 84913 63f541 _Yarn 84910->84913 84914 63f571 84910->84914 84911 63f677 84912 6334d0 collate 21 API calls 84911->84912 84923 63f5e4 _Yarn 84912->84923 84913->84761 84914->84911 84915 63f672 Concurrency::cancel_current_task 84914->84915 84917 63f5d3 84914->84917 84918 63f5fa 84914->84918 84915->84911 84916 6ad60f 11 API calls 84919 63f681 84916->84919 84917->84915 84920 63f5de 84917->84920 84922 6a8713 moneypunct 27 API calls 84918->84922 84918->84923 84921 6a8713 moneypunct 27 API calls 84920->84921 84921->84923 84922->84923 84923->84916 84924 63f658 Concurrency::cancel_current_task 84923->84924 84924->84761 84926 63e680 GetFileAttributesW 84925->84926 84927 63e67e 84925->84927 84931 63e690 84926->84931 84936 63e724 Concurrency::cancel_current_task 84926->84936 84927->84926 84928 63e736 CreateDirectoryW 84929 63e742 GetLastError 84928->84929 84930 63e74f 84928->84930 84929->84930 84930->84751 84930->84771 84931->84931 84932 63f520 28 API calls 84931->84932 84931->84936 84933 63e6ec 84932->84933 84934 63d6d0 83 API calls 84933->84934 84935 63e6f8 84934->84935 84935->84936 84937 63e77d 84935->84937 84936->84928 84941 63be30 78 API calls 84940->84941 84942 6431ba 84941->84942 84943 63bbb0 57 API calls 84942->84943 84944 6431e3 84943->84944 84945 6940b7 73 API calls 84944->84945 84947 643388 84944->84947 84946 643281 84945->84946 84946->84947 84948 64328f 84946->84948 84949 6328d1 27 API calls 84947->84949 84954 643333 84947->84954 84951 643400 std::locale::_Locimp::_Makeushloc 75 API calls 
84948->84951 84950 6433e3 84949->84950 84952 6aa332 Concurrency::cancel_current_task RaiseException 84950->84952 84951->84954 84953 6433f1 84952->84953 84954->84759 84956 6389ff 84955->84956 85016->84766 85018 693fba 85017->85018 85019 6b41c9 85018->85019 85020 693fcd 85018->85020 85022 6c4be4 CallUnexpected EnterCriticalSection LeaveCriticalSection 85019->85022 85021 693fdc 78 API calls 85020->85021 85021->85020 85023 6b41ce 85022->85023 85024 6b41d9 85023->85024 85025 6c4c32 CallUnexpected 48 API calls 85023->85025 85026 6b41e3 IsProcessorFeaturePresent 85024->85026 85031 6b4202 85024->85031 85025->85024 85027 6b41ef 85026->85027 85029 6ad453 CallUnexpected 8 API calls 85027->85029 85028 6be9c0 CallUnexpected 23 API calls 85030 6b420c 85028->85030 85029->85031 85031->85028 85037 6b4f09 85036->85037 85041 6b4f12 ___scrt_uninitialize_crt 85036->85041 85038 6b4d9c ___scrt_uninitialize_crt 72 API calls 85037->85038 85039 6b4f0f 85038->85039 85039->84817 85040 6b4f23 85040->84817 85041->85040 85042 6b4d3c 72 API calls 85041->85042 85043 6b4f4a 85042->85043 85043->84817 85044->84860 85045->84863 85046->84865 85049->84881 85051->84840 85052->84846 85054 63cc89 85053->85054 85055 63cccb Concurrency::cancel_current_task 85053->85055 85054->85055 85056 6ad60f 11 API calls 85054->85056 85055->84890 85057 63cd1f 85056->85057 85058 63cc80 11 API calls 85057->85058 85059 63cd2f Concurrency::cancel_current_task 85058->85059 85059->84890 85061 6ad638 85060->85061 85064 6ad453 85061->85064 85065 6ad46f __cftof CallUnexpected 85064->85065 85066 6ad49b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 85065->85066 85067 6ad56c CallUnexpected 85066->85067 85068 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 85067->85068 85069 6ad58a GetCurrentProcess TerminateProcess 85068->85069 85069->84610 85071 635c64 CoCreateInstance 85070->85071 85072 635c54 85070->85072 85073 635c95 85071->85073 85074 635c86 OleRun 85071->85074 85072->85071 
85075 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 85073->85075 85074->85073 85076 635a71 85075->85076 85076->84289 85076->84295 85077->84311 85080 635ef5 85079->85080 85081 635efc Concurrency::cancel_current_task 85079->85081 85083 635f8a 5 API calls 2 library calls 85080->85083 85081->84338 85085 646d30 85084->85085 85092 646ec8 std::ios_base::_Ios_base_dtor __Mtx_unlock 85084->85092 85086 646d3e 85085->85086 85087 646dff 85085->85087 85089 6a8760 27 API calls 85086->85089 85088 6a8760 27 API calls 85087->85088 85090 646e09 85088->85090 85091 646d48 85089->85091 85096 646db6 85090->85096 85291 64ce00 85090->85291 85094 64ce00 210 API calls 85091->85094 85091->85096 85092->84342 85095 646d63 85094->85095 85419 693b8a 85095->85419 85098 646ed1 85096->85098 85099 646e52 85096->85099 85362 64e380 85098->85362 85101 639bb0 125 API calls 85099->85101 85102 646e57 85101->85102 85104 639940 164 API calls 85102->85104 85103 6a8713 moneypunct 27 API calls 85103->85096 85106 646e67 85104->85106 85107 631b84 79 API calls 85106->85107 85109 646e83 85107->85109 85422 648e90 76 API calls 85109->85422 85113 646e8e 85423 631c50 85113->85423 85131 669485 GetProcAddress 85130->85131 85133 6694c2 85130->85133 85132 669497 GetCurrentProcess 85131->85132 85131->85133 85134 6694b1 85132->85134 86193 63347e 85133->86193 85134->85133 85136 6694fc 85137 63347e 28 API calls 85136->85137 85138 66954c 85137->85138 86197 668c60 85138->86197 85251->84347 85259 668b75 85258->85259 85265 6686ab swprintf 85258->85265 86295 668400 91 API calls 3 library calls 85259->86295 85261 668b89 85278 6688f1 Concurrency::cancel_current_task 85261->85278 85263 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 85264 668b71 85263->85264 85264->84346 85266 6b1faa swprintf 54 API calls 85265->85266 85267 66870d __cftof 85265->85267 85272 668895 85265->85272 86288 639050 28 API calls 85265->86288 85266->85265 86289 651820 85267->86289 85270 6a8713 
moneypunct 27 API calls 85271 668815 85270->85271 85273 668834 85271->85273 85274 693084 std::locale::_Init 57 API calls 85271->85274 86275 634880 85272->86275 85276 634300 5 API calls 85273->85276 85274->85273 85277 6689da 85276->85277 86293 636500 75 API calls 3 library calls 85277->86293 85278->85263 85284 6689fe 85286 63347e 28 API calls 85284->85286 85289 668ad0 85284->85289 85286->85289 85292 6a8713 moneypunct 27 API calls 85291->85292 85293 64ce81 85292->85293 85294 6a8713 moneypunct 27 API calls 85293->85294 85295 64cf42 85294->85295 85296 6a8713 moneypunct 27 API calls 85295->85296 85297 64cfa0 85296->85297 85298 6a8713 moneypunct 27 API calls 85297->85298 85299 64d013 85298->85299 85300 6a8713 moneypunct 27 API calls 85299->85300 85301 64d083 85300->85301 85363 693bab 13 API calls 85362->85363 85364 64e3b7 85363->85364 85365 64e3be 85364->85365 85366 64e3fa 85364->85366 85542 64de80 85365->85542 85367 693faf 79 API calls 85366->85367 85369 64e400 85367->85369 85371 64e446 85369->85371 85372 64e4bf 85369->85372 85370 64e3c8 85374 639bb0 125 API calls 85371->85374 85373 693bab 13 API calls 85372->85373 85376 64e4ce 85373->85376 85377 64e44b 85374->85377 85379 64e519 85376->85379 85385 64e4d5 85376->85385 85380 639940 164 API calls 85377->85380 86186 6938db 85419->86186 85421 646d80 85421->85103 85422->85113 85543 64df26 85542->85543 85544 64deb1 85542->85544 85546 64e047 85543->85546 85559 64df4e 85543->85559 85545 639bb0 125 API calls 85544->85545 85548 64deb6 85545->85548 85547 639bb0 125 API calls 85546->85547 85549 64e04c 85547->85549 85550 639940 164 API calls 85548->85550 85562 64e015 85559->85562 85563 639bb0 125 API calls 85559->85563 85562->85370 85566 64df9b 85563->85566 86187 6938e8 86186->86187 86188 6938a6 InitializeCriticalSectionEx 86187->86188 86189 6938c4 InitializeSRWLock 86187->86189 86188->85421 86189->85421 86194 6334b8 86193->86194 86195 63348d _Yarn 86193->86195 86194->86195 86271 6333ed 28 API calls 2 library calls 86194->86271 
86195->85136 86200 668c9d 86197->86200 86198 668cfc 86199 668d79 86200->86198 86200->86199 86206 668ceb 86200->86206 86271->86195 86276 639bb0 125 API calls 86275->86276 86277 6348ad 86276->86277 86278 639940 164 API calls 86277->86278 86279 6348ba 86278->86279 86280 631b84 79 API calls 86279->86280 86281 6348d5 86280->86281 86282 634190 5 API calls 86281->86282 86283 6348e3 86282->86283 86284 63136c 163 API calls 86283->86284 86285 6348ec 86284->86285 86286 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 86285->86286 86288->85265 86290 651858 86289->86290 86291 63be30 78 API calls 86290->86291 86292 6518c7 86291->86292 86292->85270 86293->85284 86295->85261 88357 63e310 ConvertStringSecurityDescriptorToSecurityDescriptorW 88326->88357 88329 63a048 Concurrency::cancel_current_task 88332 6a8367 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 88329->88332 88330 639f7e 88330->88329 88334 63a072 88330->88334 88331 6a8760 27 API calls 88333 639cc1 88331->88333 88335 639c11 InitOnceComplete 88332->88335 88337 65d900 27 API calls 88333->88337 88355 639e24 _Yarn 88333->88355 88336 6ad60f 11 API calls 88334->88336 88335->84515 88335->84517 88339 63a077 88336->88339 88341 639cec 88337->88341 88338 6a8713 moneypunct 27 API calls 88342 639eec Concurrency::cancel_current_task 88338->88342 88340 65d900 27 API calls 88340->88330 88343 65d900 27 API calls 88341->88343 88342->88334 88342->88340 88344 639d4c 88343->88344 88345 693b8a __Mtx_init_in_situ 2 API calls 88344->88345 88346 639dd9 88345->88346 88378 641130 88346->88378 88348 639def 88349 63a06d Concurrency::cancel_current_task 88348->88349 88350 639e74 88348->88350 88351 639e9b 88348->88351 88348->88355 88349->88334 88350->88349 88352 639e7f 88350->88352 88354 6a8713 moneypunct 27 API calls 88351->88354 88351->88355 88353 6a8713 moneypunct 27 API calls 88352->88353 88353->88355 88354->88355 88355->88334 88355->88338 88358 63e37d 88357->88358 88365 63e376 
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 00663CE8
                                                                                                                                                                                        • Part of subcall function 00693084: __EH_prolog3.LIBCMT ref: 0069308B
                                                                                                                                                                                        • Part of subcall function 00693084: std::_Lockit::_Lockit.LIBCPMT ref: 00693096
                                                                                                                                                                                        • Part of subcall function 00693084: std::locale::_Setgloballocale.LIBCPMT ref: 006930B1
                                                                                                                                                                                        • Part of subcall function 00693084: std::_Lockit::~_Lockit.LIBCPMT ref: 00693107
                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 00664934
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00664CD5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
                                                                                                                                                                                      • String ID: $+o$$+o$2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown$*o$*o$+o
                                                                                                                                                                                      • API String ID: 3544396713-3089233433
                                                                                                                                                                                      • Opcode ID: 85b93680fafe936ccdce6aed3588acd0a009840bdb805b755c8ba97ae8f7b620
                                                                                                                                                                                      • Instruction ID: 780ff21517b617cd7b0fb8be61a5b2ef9985e4dfa5c368e4cbeec718a527c8d3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 85b93680fafe936ccdce6aed3588acd0a009840bdb805b755c8ba97ae8f7b620
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D139A71D012299FDB20DF64CC99BEDBBB6AF05304F1442D9E509AB291DB74AE84CF90
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F268
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F307
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F37E
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F8B0
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064FBBD
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064FDB6
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006500BA
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065015F
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 006505D7
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00650614
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 0065086A
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006508A7
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 00650A90
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00650ACD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                      • String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`ato$`p$`p$`p$`p
                                                                                                                                                                                      • API String ID: 1658547907-3917366308
                                                                                                                                                                                      • Opcode ID: 41473f14dbaccb17f8147dea961310a267c76037bc5308dd8b5296ec94255e15
                                                                                                                                                                                      • Instruction ID: b9215c5ac1639d0ec331865adb4204e8ad9279318883a9d79a4c5272dc6ea09d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 41473f14dbaccb17f8147dea961310a267c76037bc5308dd8b5296ec94255e15
                                                                                                                                                                                      • Instruction Fuzzy Hash: 21F2AE709002699BEF24DB24CC99BDDB7B6AF45305F0082E8E44DA7292DB759EC8CF54

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006A88FA: EnterCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A8905
                                                                                                                                                                                        • Part of subcall function 006A88FA: LeaveCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A8942
                                                                                                                                                                                        • Part of subcall function 00654A40: _com_issue_error.COMSUPP ref: 00654AD2
                                                                                                                                                                                        • Part of subcall function 00654A40: SysFreeString.OLEAUT32(-00000001), ref: 00654AFD
                                                                                                                                                                                        • Part of subcall function 006561F0: Concurrency::cancel_current_task.LIBCPMT ref: 006562BF
                                                                                                                                                                                        • Part of subcall function 006A88B0: EnterCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88BA
                                                                                                                                                                                        • Part of subcall function 006A88B0: LeaveCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88ED
                                                                                                                                                                                        • Part of subcall function 006A88B0: RtlWakeAllConditionVariable.NTDLL ref: 006A8964
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,AC3C8B06,?,?), ref: 006557B4
                                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 006557C5
                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 006557D1
                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 006557DC
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00656067
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00656085
                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 0065610F
                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0065615A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                                      • String ID: (error)$)$0.0.0.0$0p$4.1.1.865$4p$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                                      • API String ID: 2830066208-1780718439
                                                                                                                                                                                      • Opcode ID: 1b2c2082994112333075344723f52bed5407db652ab85ed4fc114abedd9c1899
                                                                                                                                                                                      • Instruction ID: 9daf242f4f2b22cc1639fc62cb864c19aedba464c50d5f77a840ae997ab796ad
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b2c2082994112333075344723f52bed5407db652ab85ed4fc114abedd9c1899
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C824A70900344DFEB64DFA4DC5879DBBB2AF05304F10865CE845AB3D2DB799A88CB69

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 006458AA
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 006458B4
                                                                                                                                                                                      • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0064593A
                                                                                                                                                                                      • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0064595C
                                                                                                                                                                                      • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00645991
                                                                                                                                                                                      • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 006459B5
                                                                                                                                                                                      • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 006459D9
                                                                                                                                                                                      • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 006459FD
                                                                                                                                                                                      • UuidCreate.RPCRT4(00000000), ref: 00645A41
                                                                                                                                                                                      • UuidCreate.RPCRT4(00000000), ref: 00645A57
                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(?), ref: 00645D0E
                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 00645D2A
                                                                                                                                                                                      • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00645D43
                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00645D5F
                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(?), ref: 00645D6E
                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00645D7F
                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(?), ref: 00645F87
                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 00645FA3
                                                                                                                                                                                      • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00645FBC
                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00645FD8
                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(?), ref: 00645FE7
                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00645FF8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                                      • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                                      • API String ID: 4128897270-3926088020
                                                                                                                                                                                      • Opcode ID: 2ab73ebd5df34ea3a02ea4832da2381ac5cc37a7dfb2d43f7c8ad217066ff8d3
                                                                                                                                                                                      • Instruction ID: 0fd494507676838e0cc21d765a05fa4023642cd6bd0580b0855264f323e0eab7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ab73ebd5df34ea3a02ea4832da2381ac5cc37a7dfb2d43f7c8ad217066ff8d3
                                                                                                                                                                                      • Instruction Fuzzy Hash: AB5256756043009FDB109F24C898B6EBBE6BF88710F150959FA56AB391CBB5ED018F86
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 00681932
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 00681DAD
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 00681DD3
                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 006820C4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                                      • String ID: to $$+o$(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range$*o
                                                                                                                                                                                      • API String ID: 3662814871-2511458928
                                                                                                                                                                                      • Opcode ID: 9b60b56a90a08ab0585676603a6f80497a3e3aeae33f3cce4f85e838f9375183
                                                                                                                                                                                      • Instruction ID: 94139ea1c006872da588f3e33dd32992f81d0fb2d53347fe176087e31c497850
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b60b56a90a08ab0585676603a6f80497a3e3aeae33f3cce4f85e838f9375183
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5552E3B0A003099FDB20EF94CC55BEEB7BAAF05704F140299E9096B381D775AE45CFA5

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 00645225
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 00645265
                                                                                                                                                                                      • SetLastError.KERNEL32(0000006F,?,?,0070A17C), ref: 006452B6
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 006452C2
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 006452D0
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006452F6
                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 006453E3
                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in EXE directory), ref: 006454A1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • %ls\%ls, xrefs: 00645533
                                                                                                                                                                                      • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 006456B7
                                                                                                                                                                                      • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 006453DE
                                                                                                                                                                                      • szInstallDir32, xrefs: 0064525F
                                                                                                                                                                                      • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 0064549C
                                                                                                                                                                                      • Software\McAfee\SystemCore, xrefs: 0064521B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseDebugErrorLastOutputString$OpenQueryValue
                                                                                                                                                                                      • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                                      • API String ID: 901107078-3767168787
                                                                                                                                                                                      • Opcode ID: c8f319747077344d7a4a861e7d5f7da0d95239487b21617adeb5d59d52e47adb
                                                                                                                                                                                      • Instruction ID: 4aac233dfd38185221feeb510cba0941a17675434d8a2aaaffefaccd61d72848
                                                                                                                                                                                      • Opcode Fuzzy Hash: c8f319747077344d7a4a861e7d5f7da0d95239487b21617adeb5d59d52e47adb
                                                                                                                                                                                      • Instruction Fuzzy Hash: F6D183B1E007199FDF64DF64CC45BEEB7B6AF04300F0441A9E50AAA282DB759E54CF91
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00654B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00647DFC
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647EBB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Failed to add event category (, xrefs: 006471F0
                                                                                                                                                                                      • Service has not been initialized, xrefs: 00647E88
                                                                                                                                                                                      • Failed to add reserved 4 dimension (, xrefs: 00647B63
                                                                                                                                                                                      • Failed to add reserved 5 dimension (, xrefs: 00647CFD
                                                                                                                                                                                      • Failed to add event action (, xrefs: 00647379
                                                                                                                                                                                      • Failed to add event label (, xrefs: 00647508
                                                                                                                                                                                      • u, xrefs: 00647B57
                                                                                                                                                                                      • z, xrefs: 00647CF1
                                                                                                                                                                                      • Failed to add reserved 3 dimension (, xrefs: 006479CD
                                                                                                                                                                                      • Failed to add reserved 2 dimension (, xrefs: 00647834
                                                                                                                                                                                      • Failed to add reserved 1 dimension (, xrefs: 0064769E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                      • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                                      • API String ID: 342047005-3525645681
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoCreateGuid.OLE32(?), ref: 00648FC8
                                                                                                                                                                                      • StringFromCLSID.OLE32(?,?), ref: 00648FE0
                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00649138
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00649173
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006493D1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • SOFTWARE\McAfee\WebAdvisor, xrefs: 006491FB
                                                                                                                                                                                      • Could not create registry key , xrefs: 0064923F
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                                      • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                      • API String ID: 3741506170-3627174789
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00634CA6
                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00634CB8
                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00634CD3
                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 00634CE9
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00634CFA
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                                                                                                                                      • String ID: saBSI.exe
                                                                                                                                                                                      • API String ID: 592884611-3955546181
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                                      • String ID: &$&$CObfuscatedIniReader cannot load file: %s$Key was not found: %s$NWebAdvisor::CSubInfoDatReader::ReadString$No section found for %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp$d6o
                                                                                                                                                                                      • API String ID: 54951025-40434935
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00691581
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006915B2
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006915DD
                                                                                                                                                                                      • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00691625
                                                                                                                                                                                        • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CryptParam$CertCertificateFromStoreSubject_free
                                                                                                                                                                                      • String ID: %i
                                                                                                                                                                                      • API String ID: 2086474103-462526185
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000,AC3C8B06), ref: 00644FB5
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00644FDF
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00644FF2
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0064500B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                      • String ID: %ls\%ls
                                                                                                                                                                                      • API String ID: 152501406-2125769799
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied, xrefs: 0067DB65, 0067E175
                                                                                                                                                                                      • invalid substitutor, xrefs: 0067DB5E
                                                                                                                                                                                      • Unable to substitute the arguments, xrefs: 0067E16E
                                                                                                                                                                                      • NEQ, xrefs: 0067D892
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp, xrefs: 0067DB6A, 0067E17A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: NEQ$NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp$invalid substitutor
                                                                                                                                                                                      • API String ID: 0-4090108046
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CryptQueryObject.CRYPT32(00000001, %i,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00691815
                                                                                                                                                                                      • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006919CD
                                                                                                                                                                                        • Part of subcall function 006914F0: CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00691581
                                                                                                                                                                                        • Part of subcall function 006914F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 006915B2
                                                                                                                                                                                        • Part of subcall function 006914F0: CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 006915DD
                                                                                                                                                                                        • Part of subcall function 006914F0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00691625
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Crypt$Param$ObjectQuery$CertCertificateFromStoreSubject
                                                                                                                                                                                      • String ID: %i
                                                                                                                                                                                      • API String ID: 899467879-462526185
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoCreateInstance.OLE32(006FD808,00000000,00000017,0070B024,00000000,AC3C8B06,?,?,?,00000000,00000000,00000000,006D8687,000000FF), ref: 00635C7A
                                                                                                                                                                                      • OleRun.OLE32(00000000), ref: 00635C89
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 542301482-0

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0065D6D0: GetModuleHandleW.KERNEL32(kernel32.dll,00634E6C,AC3C8B06), ref: 0065D6D5
                                                                                                                                                                                        • Part of subcall function 0065D6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0065D6E5
                                                                                                                                                                                      • CoInitializeEx.COMBASE(00000000,00000000,AC3C8B06), ref: 00634F3E
                                                                                                                                                                                      • CommandLineToArgvW.SHELL32(?,?), ref: 00635226
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001), ref: 00635276
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 006352A8
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001), ref: 006352F3
                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 0063535F
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002), ref: 006353AE
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000001), ref: 006358E9
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                        • Part of subcall function 0063136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006313A5
                                                                                                                                                                                      • CoUninitialize.OLE32(?,00000001), ref: 006358D4
                                                                                                                                                                                        • Part of subcall function 00646BD0: __Mtx_init_in_situ.LIBCPMT ref: 00646CC0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
• Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                                      • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
                                                                                                                                                                                      • API String ID: 126520999-360321973
                                                                                                                                                                                      • Opcode ID: 8516ae2c2771c81bb6abadd41cdb051e5c294a94fcdba1e1f56d3efeaa900ae6
                                                                                                                                                                                      • Instruction ID: 77e264d3651464a20722ef810ab33839722dc81aef77d89b08acd2e8bab90320
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8516ae2c2771c81bb6abadd41cdb051e5c294a94fcdba1e1f56d3efeaa900ae6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C627FB0900349EFDF54EFA4C895BEDBBB6AF05304F50815DF80AA7281DB749A44CBA5

Control-flow Graph (graph not reproduced; first block 66efc0-66f053; legend: Executed / Not Executed)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0066F13D
                                                                                                                                                                                        • Part of subcall function 00668650: std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 0066FAC8
                                                                                                                                                                                        • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
• Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                                      • String ID: <$<Zo$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
                                                                                                                                                                                      • API String ID: 2292809486-3984314390
                                                                                                                                                                                      • Opcode ID: fa3289f6680157b80e7751c0923fecae61c8e626ab832eda6eb4ac12883a19a9
                                                                                                                                                                                      • Instruction ID: f235427d0d2d584c8364c8705312285d984cb9843ecba921768440ead97915fa
                                                                                                                                                                                      • Opcode Fuzzy Hash: fa3289f6680157b80e7751c0923fecae61c8e626ab832eda6eb4ac12883a19a9
                                                                                                                                                                                      • Instruction Fuzzy Hash: DD629FB0A40619ABDB64DF14CC45FA9BBB6BF44304F0001E9F61967292DB71AE84CF99

Control-flow Graph (graph not reproduced; first block 6765f0-676642; legend: Executed / Not Executed)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 0067683B
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0067686E
                                                                                                                                                                                      • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 00676A15
                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 00676A6B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
• Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                                      • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
                                                                                                                                                                                      • API String ID: 3946049928-1874136459
                                                                                                                                                                                      • Opcode ID: 7f74d80bfe9d232cc2e242532e34c33701c66af351b022f02aacea096baf43f4
                                                                                                                                                                                      • Instruction ID: 812430a3b579b5584af84d7222da27f44ceaf2cb92db9ab2102b16051276bb90
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f74d80bfe9d232cc2e242532e34c33701c66af351b022f02aacea096baf43f4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0602EF70A00758DADB60DF64CC49BEDB7B2EF04708F10819DE50DA7291EBB56A88CF55

Control-flow Graph (graph not reproduced; first block 66eaa0-66eb46; legend: Executed / Not Executed)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(AC3C8B06), ref: 0066EBF9
                                                                                                                                                                                      • GetLastError.KERNEL32(AC3C8B06,?,00000000,?), ref: 0066EC70
                                                                                                                                                                                      • GetLastError.KERNEL32(AC3C8B06,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0066ECD8
                                                                                                                                                                                        • Part of subcall function 00668650: std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                      • GetLastError.KERNEL32(AC3C8B06,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0066ED2E
                                                                                                                                                                                      • GetLastError.KERNEL32(AC3C8B06,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0066ED75
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                                      • String ID: @]f$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true
                                                                                                                                                                                      • API String ID: 1579124236-1460918578
                                                                                                                                                                                      • Opcode ID: 1d21ab3574e9033d977425fd8dc1b3505e905379d18f6660343f9763ab9d94ba
                                                                                                                                                                                      • Instruction ID: 4da255003e15d30d7e4687277eb444bb76cc5266acb35ae68b574d470ac01e04
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d21ab3574e9033d977425fd8dc1b3505e905379d18f6660343f9763ab9d94ba
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EC184B0A4071DAAEB209F10CC56BE9B766AF14704F404199F709772C2EBB25E948F6D

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
control_flow_graph (graph not reproduced): first block 669400-669483
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32,AC3C8B06,?), ref: 0066947B
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0066948B
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?), ref: 006694A8
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0070A52C,0070A52A), ref: 006697C1
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,0070A52C,0070A52A), ref: 006697CB
                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 0066987C
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0066989A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                                      • String ID: $wo$0po$0wo$1.1$<wo$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32$>o$ro$vo
                                                                                                                                                                                      • API String ID: 891933594-1575059847
                                                                                                                                                                                      • Opcode ID: cc5cc7accd9ea66fefddc0ab8acd01879933404dcad5e67d8c25acd5057e9ba4
                                                                                                                                                                                      • Instruction ID: 19203c6195c728184e0f1da0dc4572ff1ff856fed9d2c34eefe6c790eb69126d
                                                                                                                                                                                      • Opcode Fuzzy Hash: cc5cc7accd9ea66fefddc0ab8acd01879933404dcad5e67d8c25acd5057e9ba4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C729DB0A002189FDB24DF64CC95B9DB7B6AF49304F1041DCE609AB391DB75AE84CF69

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
control_flow_graph (graph not reproduced): first block 66bc60-66bd0a
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,0070BFD0,00000000,AC3C8B06), ref: 0066BD7A
                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000000), ref: 0066BE57
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DeleteExtensionFileFindPath
                                                                                                                                                                                      • String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create destination directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
                                                                                                                                                                                      • API String ID: 3618814920-733304951
                                                                                                                                                                                      • Opcode ID: fbb4e80d7052521d3887edf4ef24015909095075f485bba0fdf367be71011a55
                                                                                                                                                                                      • Instruction ID: b2341a9f836c3928a2950bed00c2c611f7d0a1b8346df681757770b42a909e43
                                                                                                                                                                                      • Opcode Fuzzy Hash: fbb4e80d7052521d3887edf4ef24015909095075f485bba0fdf367be71011a55
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15227C71E00218DBDB20DFA4CC95BEEB7B6EF14314F10415DE915AB282DB75AA48CFA4

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
control_flow_graph (graph not reproduced): first block 640890-6408e2
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00640903
                                                                                                                                                                                      • LocalFree.KERNEL32(?,?), ref: 00640A26
                                                                                                                                                                                      • LocalFree.KERNEL32(?,?), ref: 00640A43
                                                                                                                                                                                        • Part of subcall function 00632510: __EH_prolog3_catch.LIBCMT ref: 00632517
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00640B08
                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00640B50
                                                                                                                                                                                      • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00640B86
                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 00640B97
                                                                                                                                                                                      • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00640BA4
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00640BC0
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00640BE1
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00640BF2
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00641017
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00641020
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockitstd::locale::_$DescriptorFreeLocalLocimp::_Lockit::_Security$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimpLocimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockNew_Stringstd::ios_base::_
                                                                                                                                                                                      • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00656067
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00656085
                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 0065610F
                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0065615A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                                      • String ID: )$0p$4p$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00666590
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 006665A1
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000101), ref: 006665B2
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 006665E1
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000000,?), ref: 0066660D
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000101), ref: 00666636
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000000,?), ref: 0066666A
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00666696
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 006666A7
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 006666B9
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0066677C
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0066678D
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 006667BD
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 006667CE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Global$Free$Alloc
                                                                                                                                                                                      • String ID: Temp$\$o$`ato

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __Mtx_init_in_situ.LIBCPMT ref: 0064D1E6
                                                                                                                                                                                        • Part of subcall function 0063BBB0: std::locale::_Init.LIBCPMT ref: 0063BBFC
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064D6C4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                                      • String ID: $+o$$p$.servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$<p$@p$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$`p$https://$u$*o
                                                                                                                                                                                      • API String ID: 655687434-223290961
                                                                                                                                                                                      • Opcode ID: cb47c868d58c25c287a5ce267d4959b6eec154ceddea02d280b1dcf4792668fc
                                                                                                                                                                                      • Instruction ID: 2687b41669a8f3dd8e6fea9ee80f2b6c9101feff5cdd4cb90b07f35379d5e078
                                                                                                                                                                                      • Opcode Fuzzy Hash: cb47c868d58c25c287a5ce267d4959b6eec154ceddea02d280b1dcf4792668fc
                                                                                                                                                                                      • Instruction Fuzzy Hash: C642AD70900745CFEB24DF28DD45BA9B7B1BF45308F0086ADE548AB692EB74AAC4CF54

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E4A1
                                                                                                                                                                                        • Part of subcall function 0064DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064DF0C
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064E3DE
                                                                                                                                                                                        • Part of subcall function 0064E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E161
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064E4FB
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E665
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E6F8
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                                      • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]$`p$`p]
                                                                                                                                                                                      • API String ID: 1670716954-3557102455
                                                                                                                                                                                      • Opcode ID: 004f217827beb802070c99b59fc24b8f10d28c53d280996f0fb16f2e6175ad76
                                                                                                                                                                                      • Instruction ID: aa141a0a26288fc1f2639114d07ed0a72a23c9d49d1b56ff895103f169ec8a59
                                                                                                                                                                                      • Opcode Fuzzy Hash: 004f217827beb802070c99b59fc24b8f10d28c53d280996f0fb16f2e6175ad76
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2991D071900218DBDB54EF64DC42BEEB3BAEF15310F0041ADE909A7381EB756A48CEA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00656085
                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 0065610F
                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0065615A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: )$0p$4p$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                      • API String ID: 2663709405-4136711636
                                                                                                                                                                                      • Opcode ID: 53595d8c023b6f1427c8ad15e353f9256fe733a81713e1d74239e5fb76455d89
                                                                                                                                                                                      • Instruction ID: 6f2ef37135592e06d728b567d51ecd3f6594aa4757e30399b310fb14eda1a463
                                                                                                                                                                                      • Opcode Fuzzy Hash: 53595d8c023b6f1427c8ad15e353f9256fe733a81713e1d74239e5fb76455d89
                                                                                                                                                                                      • Instruction Fuzzy Hash: C1B1E170900348DBEF14DFA8C95879DBBB3AF41305F20865CE805AB3D2DB789A88CB55
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,AC3C8B06,?,?), ref: 00644257
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001,?,?), ref: 006442BC
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006442F2
                                                                                                                                                                                      • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 00644367
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?), ref: 00644375
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064440A
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?), ref: 0064455B
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Filename for process with id , xrefs: 006444B0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                                      • String ID: Filename for process with id
                                                                                                                                                                                      • API String ID: 563014942-4200337779
                                                                                                                                                                                      • Opcode ID: f813069334204a49b6ca993493e4f46bba0d8650625a94703c1511f421761418
                                                                                                                                                                                      • Instruction ID: 54beea08321992dc9333eac8a6c5384458a8d61a654af5fb66eed0e966039184
                                                                                                                                                                                      • Opcode Fuzzy Hash: f813069334204a49b6ca993493e4f46bba0d8650625a94703c1511f421761418
                                                                                                                                                                                      • Instruction Fuzzy Hash: A4D18C70D10259DBCB20EFA4D886BEEB7B6FF44304F10466DE409A7281EB746A48CF94
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006CFE25: CreateFileW.KERNEL32(00000000,00000000,?,006D0187,?,?,00000000,?,006D0187,00000000,0000000C), ref: 006CFE42
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006D01F2
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006D01F9
                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 006D0205
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006D020F
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006D0218
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 006D0238
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 006D0385
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006D03B7
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006D03BE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                      • String ID: isl
                                                                                                                                                                                      • API String ID: 4237864984-4166070011
                                                                                                                                                                                      • Opcode ID: 12469575a2af8e9ecdf57134cd792aa8735b279841729c5071fcf4ee82a06ccf
                                                                                                                                                                                      • Instruction ID: aa7f8609640641ed8301ac0903d2f12fcf646b0cde642e25506173c7e02d83a2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 12469575a2af8e9ecdf57134cd792aa8735b279841729c5071fcf4ee82a06ccf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DA12432E042459FDF1DEF68DC96BAE3BA2AB06324F14015EE811EB391C7358D52CB55
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 00643E00
                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 00643F9C
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00643FCA
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 00643F97
                                                                                                                                                                                      • UNKNOWN, xrefs: 00643DD2
                                                                                                                                                                                      • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 00643F81
                                                                                                                                                                                      • Error retrieving session id for generating log name., xrefs: 00643E0B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                                      • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                                      • API String ID: 1186403813-1860316991
                                                                                                                                                                                      • Opcode ID: f2a6f9d9811751d5c0a779a89b0c0c1f2c987e747fc0eef72eee6d40767f7e9b
                                                                                                                                                                                      • Instruction ID: 55eef6cd85600c3a72bdadf896d3bee6edb0ed3ee157cc48311c113260d39d5a
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2a6f9d9811751d5c0a779a89b0c0c1f2c987e747fc0eef72eee6d40767f7e9b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0251C171E00225DFCB589FB4C885AAEBBB6FF04310F20022AE526D7790D7749A44CBA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00654AA5,00654AA7,00000000,00000000,AC3C8B06,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9989
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00654AA5,?,00000000,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5), ref: 006A9A04
                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 006A9A0F
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A38
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A42
                                                                                                                                                                                      • GetLastError.KERNEL32(80070057,AC3C8B06,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A47
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A5A
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A70
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A83
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1353541977-0
                                                                                                                                                                                      • Opcode ID: 22e8342ec75298cad6397944c60921bdf8b79bc520a47c412257d1ec8fe0d685
                                                                                                                                                                                      • Instruction ID: ba9e54566b3cfc8d3f2b7c63c5a049f840d3648dbfced9a0541d7b2dfc70fe67
                                                                                                                                                                                      • Opcode Fuzzy Hash: 22e8342ec75298cad6397944c60921bdf8b79bc520a47c412257d1ec8fe0d685
                                                                                                                                                                                      • Instruction Fuzzy Hash: A741C471A00245AFDB10AF68DC45BEFBBAAAB46750F24462EF505E7281DB359C00CFA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0064CCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064CDBB
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0064F0FC
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F268
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F307
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$`p
                                                                                                                                                                                      • API String ID: 1722207485-1554087230
                                                                                                                                                                                      • Opcode ID: a3e39ee3c30af6e5c103e5672c6558afaa94ccbed36cf4a1732958cc5a6fb9c9
                                                                                                                                                                                      • Instruction ID: 6f71594aa0ce0f26d26261acd3554e41d0739f51432399af842718d6accc8d65
                                                                                                                                                                                      • Opcode Fuzzy Hash: a3e39ee3c30af6e5c103e5672c6558afaa94ccbed36cf4a1732958cc5a6fb9c9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 89C1CEB0D002189BDB54EFA4CC55BEEB7B6AF45300F1042ADE416A73C2EB745E45CBA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0063E310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0063E36C
                                                                                                                                                                                      • __Mtx_init_in_situ.LIBCPMT ref: 00639DD4
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0063A06D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                                      • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                                      • API String ID: 239504998-2017128786
                                                                                                                                                                                      • Opcode ID: bf141c91d7a9a12a8b1d5ef78e4fcd802c4481c9b57cb7f0471e848a647448a5
                                                                                                                                                                                      • Instruction ID: df8f613ff2792d78d12ac0b32b80ec4040d31ebef9b92d6da77ecd01aa4a6e7b
                                                                                                                                                                                      • Opcode Fuzzy Hash: bf141c91d7a9a12a8b1d5ef78e4fcd802c4481c9b57cb7f0471e848a647448a5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41C18A71D00249DFDB04DFA4C945BEEBBF2AF48304F20821DE415A7391EB79AA48CB95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E161
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001), ref: 0064E278
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E351
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Event Sender already initialized for AWS, xrefs: 0064E137
                                                                                                                                                                                      • WinHttpCrackUrl failed for AWS: , xrefs: 0064E268
                                                                                                                                                                                      • `p, xrefs: 0064E30E
                                                                                                                                                                                      • Unable to open HTTP session for AWS, xrefs: 0064E327
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                      • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS: $`p
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __Mtx_init_in_situ.LIBCPMT ref: 00646D7B
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00646F75
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00646F88
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                                      • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064DF0C
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001), ref: 0064DFD7
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E0A2
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • WinHttpCrackUrl failed for Azure: , xrefs: 0064DFC7
                                                                                                                                                                                      • Unable to open HTTP session for Azure, xrefs: 0064E078
                                                                                                                                                                                      • `p, xrefs: 0064E05F
                                                                                                                                                                                      • Event Sender already initialized for Azure, xrefs: 0064DEE2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                      • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure: $`p
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00648FB0: CoCreateGuid.OLE32(?), ref: 00648FC8
                                                                                                                                                                                        • Part of subcall function 00648FB0: StringFromCLSID.OLE32(?,?), ref: 00648FE0
                                                                                                                                                                                        • Part of subcall function 00648FB0: CoTaskMemFree.OLE32(?), ref: 00649138
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006493D1
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                                      • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 00645808
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00645828
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00645830
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00645839
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                                      • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                                      • API String ID: 1092183831-2777911605
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00634C8E: GetCurrentProcessId.KERNEL32 ref: 00634CA6
                                                                                                                                                                                        • Part of subcall function 00634C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00634CB8
                                                                                                                                                                                        • Part of subcall function 00634C8E: Process32FirstW.KERNEL32(00000000,?), ref: 00634CD3
                                                                                                                                                                                        • Part of subcall function 00634C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 00634CE9
                                                                                                                                                                                        • Part of subcall function 00634C8E: CloseHandle.KERNEL32(00000000), ref: 00634CFA
                                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 00634D88
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00634DD0
                                                                                                                                                                                        • Part of subcall function 0063136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006313A5
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00634DFC
                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00634E0D
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • CreateMutex failed: , xrefs: 00634DC2
                                                                                                                                                                                      • SaBsi.cpp, xrefs: 00634DA9
                                                                                                                                                                                      • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 00634D7F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCreateHandleInitIos_base_dtorOnceProcess32std::ios_base::_$BeginCompleteCurrentErrorFirstInitializeLastMutexNextObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                                      • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                                      • API String ID: 2598072538-1117126455
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • af, xrefs: 0066E6A0
                                                                                                                                                                                      • invalid input, xrefs: 0066E5A3
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 0066E5AF, 0066E6C8
                                                                                                                                                                                      • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 0066E5AA, 0066E6C3
                                                                                                                                                                                      • Unable to convert XML buffer into wide characters, xrefs: 0066E6BC
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __cftoe
                                                                                                                                                                                      • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$af
                                                                                                                                                                                      • API String ID: 4189289331-4059711921
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064CDBB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                      • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor$`p
                                                                                                                                                                                      • API String ID: 539357862-2887285511
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00635A59
                                                                                                                                                                                        • Part of subcall function 00635C1E: CoCreateInstance.OLE32(006FD808,00000000,00000017,0070B024,00000000,AC3C8B06,?,?,?,00000000,00000000,00000000,006D8687,000000FF), ref: 00635C7A
                                                                                                                                                                                        • Part of subcall function 00635C1E: OleRun.OLE32(00000000), ref: 00635C89
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00635B97
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Failed to create Global Options object. Error , xrefs: 00635AA9
                                                                                                                                                                                      • Activation option is set successfuly, xrefs: 00635B69
                                                                                                                                                                                      • Failed to set new option. Error , xrefs: 00635B26
                                                                                                                                                                                      • i, xrefs: 00635B5D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                                      • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                                      • API String ID: 1362393928-3233122435
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00655182
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                                      • String ID: 8p$Invalid arguements passed to AddDimension$N
                                                                                                                                                                                      • API String ID: 4106036149-1663999721
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __allrem.LIBCMT ref: 006B2461
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B247D
                                                                                                                                                                                      • __allrem.LIBCMT ref: 006B2494
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B24B2
                                                                                                                                                                                      • __allrem.LIBCMT ref: 006B24C9
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B24E7
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 00668AF6
                                                                                                                                                                                      • Failed to create log message string. Error 0x, xrefs: 006689CF
                                                                                                                                                                                      • $+o, xrefs: 006687F3
                                                                                                                                                                                      • *o, xrefs: 006689A7
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Initstd::locale::_
                                                                                                                                                                                      • String ID: $+o$Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp$*o
                                                                                                                                                                                      • API String ID: 1620887387-3475664545
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __Mtx_destroy_in_situ.LIBCPMT ref: 0064085F
                                                                                                                                                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00640903
                                                                                                                                                                                      • LocalFree.KERNEL32(?,?), ref: 00640A26
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00641020
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 006408FE
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
                                                                                                                                                                                      • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                      • API String ID: 4147401711-3078421892
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __Xtime_get_ticks.LIBCPMT ref: 00637FAA
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00637FBC
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00637FD0
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00637FE2
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                                      • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                                      • API String ID: 3638035285-2843400524
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                                      • API String ID: 0-2843747179
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,AC3C8B06,00000000,00000001), ref: 006739FC
                                                                                                                                                                                        • Part of subcall function 00672820: RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,AC3C8B06,?,?,?), ref: 006728AC
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00673D36
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseInfoOpenQuery
                                                                                                                                                                                      • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                                      • API String ID: 2142960691-1550987622
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,0070BFD0,00000000,0070BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,0070BFD0,00000000,AC3C8B06), ref: 0066FC1D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 0066FC99
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 0066FC9E
                                                                                                                                                                                      • Destination directory does not exist, xrefs: 0066FC8F
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                      • String ID: Destination directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                                      • API String ID: 3188754299-3555079292
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001), ref: 0065CCBB
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065CCEC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                                      • String ID: Pp$Unable to set proxy option, error:
                                                                                                                                                                                      • API String ID: 879576418-3035955081
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0063E367
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                      • API String ID: 0-3078421892
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0063E36C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0063E367
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                      • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                      • API String ID: 3907675253-3078421892
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C576D: GetConsoleCP.KERNEL32(?,0066860A,00000000), ref: 006C57B5
                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,0071C218,AC3C8B06,00000000,AC3C8B06,0066860A,0066860A,0066860A,AC3C8B06,00000000,?,006B591E,00000000,0071C218,00000010), ref: 006C6129
                                                                                                                                                                                      • GetLastError.KERNEL32(?,006B591E,00000000,0071C218,00000010,0066860A), ref: 006C6133
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006C6178
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 251514795-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(00000000,AC3C8B06,0000005C,?,?,?,?,00000000,006D952D,000000FF,?,0063E09D), ref: 0063E681
                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,006D952D,000000FF,?,0063E09D), ref: 0063E738
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,006D952D,000000FF,?,0063E09D), ref: 0063E742
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 674977465-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,0066860A,?,006C6A9A,0066860A,0071C5B8,0000000C,006C6B4C,0071C218), ref: 006C6BC2
                                                                                                                                                                                      • GetLastError.KERNEL32(?,006C6A9A,0066860A,0071C5B8,0000000C,006C6B4C,0071C218), ref: 006C6BCC
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006C6BF7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2583163307-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,006CF765,00000008,00000000,?,?,?,006C69A3,00000000,00000000,?,006CF765), ref: 006C692F
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,006C69A3,00000000,00000000,?,006CF765,?,006CF765,?,00000000,00000000,00000001,?,00000008), ref: 006C6939
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006C6940
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2336955059-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      • Opcode ID: 98c93d7004c1209836bb9f5b86299352be1830db80a2bb3228744a3d5b4476aa
                                                                                                                                                                                      • Instruction ID: 88b76c7dee7c67c8979cf890f999d6b7d7503d8f58162eba1a286ecb69fd208e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 98c93d7004c1209836bb9f5b86299352be1830db80a2bb3228744a3d5b4476aa
                                                                                                                                                                                      • Instruction Fuzzy Hash: BCB012C125D007BD3394610E6E12D37011EC1C0B20F30812EF108C0180D8850C421132
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      • Opcode ID: 8521591e558e68957226f4dd0e0df386022c9ed341d89ced85314df1e1368bb1
                                                                                                                                                                                      • Instruction ID: 3aca1bfb830d02e53e16dee21b7027f8ca04eb6ddd516a83647e0a0d73265f1b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8521591e558e68957226f4dd0e0df386022c9ed341d89ced85314df1e1368bb1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 82B012C125D007BD3294610E6D12E37012EE1C0B20F30412EF004C0180D8840C415132
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      • Opcode ID: 5338efc1c336c92e4ce33e1a8990857606a8a27a971ce3f8730a8ec2d78ed9ab
                                                                                                                                                                                      • Instruction ID: 3cc6610e0e07957100274e26aa6f77f0ca7ffe155bb300493efd23fe3bdecab1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5338efc1c336c92e4ce33e1a8990857606a8a27a971ce3f8730a8ec2d78ed9ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 79B012C125D017FD3694610E6D12D37011EC2C0B20F30812EF404C0180D8C40C421132
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      • Opcode ID: f1fe8000f88ce5c0b17ce0592a7de6de275e915e81b36a68394d7af0aeb3a37f
                                                                                                                                                                                      • Instruction ID: 41712fb1a011c716c04ff078fbf51e4690eabdb290d6e30ab7afa02ea1c169e8
                                                                                                                                                                                      • Opcode Fuzzy Hash: f1fe8000f88ce5c0b17ce0592a7de6de275e915e81b36a68394d7af0aeb3a37f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15B012C125D107BD3394610E6D12D77011EC1C0B20F30422EF404C0190D8840C851136
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      • Opcode ID: 3d8e88c89db87bd98450e4d567188ed8d6797630d5aa85c9f1ca6f11247990b5
                                                                                                                                                                                      • Instruction ID: 9d65710b43b611d5a960646f05aa2b193fa7d96f6fbe7681e9fb78909cecaef9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d8e88c89db87bd98450e4d567188ed8d6797630d5aa85c9f1ca6f11247990b5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 64B012C125D0077D3394610E6D02C37011ED1C0B20F30812EF208C11C0D8850C421131
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      • Opcode ID: ef0b06470fabb50feb8731352cda8606c4c26c6e8f7a4f967f39725775504d59
                                                                                                                                                                                      • Instruction ID: 3dcb6639d2563a7cd7879e65ee1b07a8160bc243a93477a4c55fe950fdbc2d3b
                                                                                                                                                                                      • Opcode Fuzzy Hash: ef0b06470fabb50feb8731352cda8606c4c26c6e8f7a4f967f39725775504d59
                                                                                                                                                                                      • Instruction Fuzzy Hash: D6B012C125D017BD3694610E6C02C37011EC6C0B20F31812EF504C0180D8850C411531
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684C81
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: yt
                                                                                                                                                                                      • API String ID: 1269201914-4251244651
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      • Opcode ID: 50b4e7cc11c969e3525109de9d094bc79dc4952b1c4b650afe281a8dc1f0bdd7
                                                                                                                                                                                      • Instruction ID: c6cc37096f81c81aa1f1e122f0ca94bc3b686ae1fb1d2c5842e04caee6bce65b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 50b4e7cc11c969e3525109de9d094bc79dc4952b1c4b650afe281a8dc1f0bdd7
                                                                                                                                                                                      • Instruction Fuzzy Hash: CDB012C1258017FC3A54610DAC02C37022ED6C1B10730C22EF904C0281D8480C456131
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684D1C
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID: `ato
                                                                                                                                                                                      • API String ID: 1269201914-3307817267
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00654AD2
                                                                                                                                                                                      • SysFreeString.OLEAUT32(-00000001), ref: 00654AFD
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FreeString_com_issue_error
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 709734423-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000,?,0066860A,00000000,?,006C610D,0066860A,0066860A,00000000,0071C218,AC3C8B06,0066860A), ref: 006C5C8C
                                                                                                                                                                                      • GetLastError.KERNEL32(?,006C610D,0066860A,0066860A,00000000,0071C218,AC3C8B06,0066860A,0066860A,0066860A,AC3C8B06,00000000,?,006B591E,00000000,0071C218), ref: 006C5CB2
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 442123175-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                      • InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 51270584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00654AA5,?,00000000,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5), ref: 006A9A04
                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 006A9A0F
                                                                                                                                                                                        • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A38
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A42
                                                                                                                                                                                      • GetLastError.KERNEL32(80070057,AC3C8B06,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A47
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A5A
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,006ABE00,0071BF08,000000FE,?,00654AA5,?), ref: 006A9A70
                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 006A9A83
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 878839965-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHDeleteKeyW.SHLWAPI(?,0070BFD0,?,0065DE7B), ref: 0065DED6
                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,0065DE7B), ref: 0065DEE4
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseDelete
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 453069226-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,AC3C8B06,?,?), ref: 0063DF08
                                                                                                                                                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0063E36C
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4077199523-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CertGetCertificateChain.CRYPT32(00000000,?,?,?), ref: 0069206C
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CertCertificateChain
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3019455780-0
                                                                                                                                                                                      • Opcode ID: 39b6ba575176afd7dbff27caf8ab59e078932d53ee68513fb93015f85653df5e
                                                                                                                                                                                      • Instruction ID: dfa41a09539822edda1635368fd5a45a97d92ccdc9be11a2065af1e4d3b7383c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 39b6ba575176afd7dbff27caf8ab59e078932d53ee68513fb93015f85653df5e
                                                                                                                                                                                      • Instruction Fuzzy Hash: FA416E715083869BDB20CF54C894BEBBBE9FF89744F04091DF58897250E775D948CB62
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3347428461-0
                                                                                                                                                                                      • Opcode ID: 3627d600070cd762a95e344e218f3e506858fdb284d45d52100b4b41ab305435
                                                                                                                                                                                      • Instruction ID: 118fa12ac8858a13912b38e7ada3ac1e788035c57d3719830d6b50ebbab51e8b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3627d600070cd762a95e344e218f3e506858fdb284d45d52100b4b41ab305435
                                                                                                                                                                                      • Instruction Fuzzy Hash: 421115B1A0420AAFCF09DF98E941E9A7BF5EF48314F054069F809EB351D630EA11DBA5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                      • Instruction ID: a2e8a90c00a2a4527928a5501d1a66e0d75bc932b42c62505f040454a16a912f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                      • Instruction Fuzzy Hash: 37F02872501A241ADA213669DC05BEB339BDF46335F14071DFC22A76D2CB74D847CB99
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 0065DF45
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                      • Opcode ID: 2b053202631b0e0b67f644a5a6b95aea85cef7fbe1a42c8b90c9bc7b34df0211
                                                                                                                                                                                      • Instruction ID: d189f360acc44bb5d96b018634c735c4920c0caeeb7abb0412cb52a8b87f27ed
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b053202631b0e0b67f644a5a6b95aea85cef7fbe1a42c8b90c9bc7b34df0211
                                                                                                                                                                                      • Instruction Fuzzy Hash: FF017835600209EBCB21CF49C844F9EBBBAFF98310F20809AFC05A7350C771AA64DB90
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?), ref: 00676061
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExistsFilePath
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1174141254-0
                                                                                                                                                                                      • Opcode ID: 6d623b9cc0c71db25d54a4054cadba735abf40720beb18181194e355c0357259
                                                                                                                                                                                      • Instruction ID: 74d81ce647b675142ff657544599bd52c8458c948b78fce30c2118cc5a6719f5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d623b9cc0c71db25d54a4054cadba735abf40720beb18181194e355c0357259
                                                                                                                                                                                      • Instruction Fuzzy Hash: 98F049312006008BC7149F69D858B9BB7EAAF88714F00851DE849CB660D375EA41CBA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C2174: RtlAllocateHeap.NTDLL(00000000,?,?,?,006A872D,?,?,0063A1ED,0000002C,AC3C8B06), ref: 006C21A6
                                                                                                                                                                                      • _free.LIBCMT ref: 006C5615
                                                                                                                                                                                        • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                        • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 314386986-0
                                                                                                                                                                                      • Opcode ID: 18eef4049f655c44e850ab26aac5be76c33408ab67aa6e9f183822b150d9597e
                                                                                                                                                                                      • Instruction ID: a3a97e52475625a9977e6fb34409a33d77ffcddb2e21ed5e4b6cf8a557f788cb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 18eef4049f655c44e850ab26aac5be76c33408ab67aa6e9f183822b150d9597e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 53F062721057009FD3359F56D801BA2F7F8EF80B11F10842FE29B876A0DAB4B446CB58
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,006A872D,?,?,0063A1ED,0000002C,AC3C8B06), ref: 006C21A6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                      • Opcode ID: 339b538f164b3cf1eda78f7ee7c0958ec7a48006df6fbaf97560896db9766ef9
                                                                                                                                                                                      • Instruction ID: 82bb7283ca64f571b2172df32cdd91e4a1f61a0c6336f8561d565a5e56b3eeeb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 339b538f164b3cf1eda78f7ee7c0958ec7a48006df6fbaf97560896db9766ef9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 40E0ED7520022266E73036219C20FFA375BEB423A1F19422DEF059AB90CB20CC8182E8
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 0065E51F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                      • Opcode ID: ce416422192a07b60b3a99ecebd4ee5c9393e8591f272109548a70555d0bb01e
                                                                                                                                                                                      • Instruction ID: 3eddaa8830faf0b3820bbff099ec466fc7734a5b1041dbca55d5dd07c0d56f41
                                                                                                                                                                                      • Opcode Fuzzy Hash: ce416422192a07b60b3a99ecebd4ee5c9393e8591f272109548a70555d0bb01e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 22F05831600208ABDB248F0ADC08F9EBBA9EF94710F20849EF84997250D6B1AA108B94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006313A5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 323602529-0
                                                                                                                                                                                      • Opcode ID: 4fa50679b265e95ea81b5d02950026b617de8daf37853aad63f803bcf43976a7
                                                                                                                                                                                      • Instruction ID: afccafb9e732925a095c31ecd968e7a0fc280c10d24f7d4abf696409bd563800
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fa50679b265e95ea81b5d02950026b617de8daf37853aad63f803bcf43976a7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01F06572904658EFD715DF48DC01F9AB7EDEB08724F10462EE511937C0DB7969048A98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0065ED2F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                      • Opcode ID: c1b319a8527ef2ad8c9a0a87c496a7cca2771a8890cbb7ff86d215b6f422caa4
                                                                                                                                                                                      • Instruction ID: b1d42ddd77b83c53fead0d2dcea267efb96d38b4276a3f3949ed610768c519df
                                                                                                                                                                                      • Opcode Fuzzy Hash: c1b319a8527ef2ad8c9a0a87c496a7cca2771a8890cbb7ff86d215b6f422caa4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 90E0EC35240208ABDF148E84EC40FA77B2BEB94701F10C415F9084A195C373DD21AAA0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(00000000,?,006D4E6A,00000000,00000000,-00000002,AC3C8B06,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,006F44E4), ref: 006D4D92
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                      • Opcode ID: d62ea8ddb1b3df778756501ae9daee7e8960477ed15578acd97ab859cf30f429
                                                                                                                                                                                      • Instruction ID: c6591cc0b1e35e30e8ebff129f16d7545f8583b0dd7bcea51e22daef0bb2fb82
                                                                                                                                                                                      • Opcode Fuzzy Hash: d62ea8ddb1b3df778756501ae9daee7e8960477ed15578acd97ab859cf30f429
                                                                                                                                                                                      • Instruction Fuzzy Hash: CBD0A7315103081BAF540E7C946BEF6334F9F5176474C0652F41ECA3E8EE31EC929110
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,00000000,?,006D0187,?,?,00000000,?,006D0187,00000000,0000000C), ref: 006CFE42
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                      • Opcode ID: 1f3710d3e5c3205306e212fba92c3321c61ca485664e757839856dc687621dac
                                                                                                                                                                                      • Instruction ID: e5c5d70489881891de0b2c751cfc140c6b60875f86ecdc5fbfd75346f4861331
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f3710d3e5c3205306e212fba92c3321c61ca485664e757839856dc687621dac
                                                                                                                                                                                      • Instruction Fuzzy Hash: EAD06C3200024DBBDF028F84DD46EDA3BAAFB48714F014000BA1856060C772E931AB91
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00692743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00692743
                                                                                                                                                                                        • Part of subcall function 00692743: AcquireSRWLockExclusive.KERNEL32(?,006928F1), ref: 00692760
                                                                                                                                                                                      • DloadProtectSection.DELAYIMP ref: 006926C5
                                                                                                                                                                                        • Part of subcall function 0069286C: DloadObtainSection.DELAYIMP ref: 0069287C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1209458687-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0065E8D4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _free.LIBCMT ref: 006AE973
                                                                                                                                                                                        • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                        • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1353095263-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684DAF
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 00684DAF
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006914D8
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A97C4
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: df5e6a480b15485334fa3dc46986618fa7677e415fb10a8bedc08dccf8a7d7fe
                                                                                                                                                                                      • Instruction ID: a736323f396a2034006e84f47f530e1d324e34ac243cdaccd4c4117d0acf2c8b
                                                                                                                                                                                      • Opcode Fuzzy Hash: df5e6a480b15485334fa3dc46986618fa7677e415fb10a8bedc08dccf8a7d7fe
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EB012D12784167C371431196D16C37111EC1C1F10734C43EF905D0082A4448C461831
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: 0d1b466276ed7d00dc16ac5d13e71a455abb20fdaed98ab29a65996c558361fd
                                                                                                                                                                                      • Instruction ID: dfff278a7409fea46be1ced6a1804710240e3d7b0b0f11ba6b1b64156c99ac7f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d1b466276ed7d00dc16ac5d13e71a455abb20fdaed98ab29a65996c558361fd
                                                                                                                                                                                      • Instruction Fuzzy Hash: B2B012C126C026BD375461197C02DB7018EC2C1B10730852EF504C0280D4440C852431
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: f534ed20bc42cbdd1c7a5815bb764898ed7d0dfafb23cbaca64750c9c39f553d
                                                                                                                                                                                      • Instruction ID: 9a8dd8f1c2ebad8ed866cdcbe09a97cde75c36ebb8f8b7f41e0a33ef23f8327d
                                                                                                                                                                                      • Opcode Fuzzy Hash: f534ed20bc42cbdd1c7a5815bb764898ed7d0dfafb23cbaca64750c9c39f553d
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3A011C22AC002BC32082202AC02CBB020EC0C2B203308A0EF00280280A8800C8A2830
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: 14c841465666075e3ab8cd43edad59f747e88a32cf77ed33644444cf287eb124
                                                                                                                                                                                      • Instruction ID: 9a8dd8f1c2ebad8ed866cdcbe09a97cde75c36ebb8f8b7f41e0a33ef23f8327d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 14c841465666075e3ab8cd43edad59f747e88a32cf77ed33644444cf287eb124
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3A011C22AC002BC32082202AC02CBB020EC0C2B203308A0EF00280280A8800C8A2830
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: 5edfe535e50dafdf7578c34faad7ac3febc0a6c928467e1524675cbc04786c1f
                                                                                                                                                                                      • Instruction ID: 9a8dd8f1c2ebad8ed866cdcbe09a97cde75c36ebb8f8b7f41e0a33ef23f8327d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5edfe535e50dafdf7578c34faad7ac3febc0a6c928467e1524675cbc04786c1f
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3A011C22AC002BC32082202AC02CBB020EC0C2B203308A0EF00280280A8800C8A2830
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: 4545b668207e16b2d9ae6a572dce8d13a022095736eabada4ed1f2edf1466e87
                                                                                                                                                                                      • Instruction ID: 9a8dd8f1c2ebad8ed866cdcbe09a97cde75c36ebb8f8b7f41e0a33ef23f8327d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4545b668207e16b2d9ae6a572dce8d13a022095736eabada4ed1f2edf1466e87
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3A011C22AC002BC32082202AC02CBB020EC0C2B203308A0EF00280280A8800C8A2830
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 006A9BE7
                                                                                                                                                                                        • Part of subcall function 0069293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006929AF
                                                                                                                                                                                        • Part of subcall function 0069293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006929C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1269201914-0
                                                                                                                                                                                      • Opcode ID: 0e0e44b852619c38fee0876ffb04e5993456f6391b829dcf686c336a1d4135fb
                                                                                                                                                                                      • Instruction ID: 9a8dd8f1c2ebad8ed866cdcbe09a97cde75c36ebb8f8b7f41e0a33ef23f8327d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e0e44b852619c38fee0876ffb04e5993456f6391b829dcf686c336a1d4135fb
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3A011C22AC002BC32082202AC02CBB020EC0C2B203308A0EF00280280A8800C8A2830
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1659193697-0
                                                                                                                                                                                      • Opcode ID: 2277c0a62549fe4e5fb37e40d1decc4953ca7a13ad463137fb7190b3215986f1
                                                                                                                                                                                      • Instruction ID: 1d026951bde773ffcfa6d7a2c46bd992c3e1476bf25ad66e84269add77521795
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2277c0a62549fe4e5fb37e40d1decc4953ca7a13ad463137fb7190b3215986f1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FE0ED3B200519ABDB018B89EC84D9AFB6DEBD5371B04403BFA1487220D772ED25CBA0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,AC3C8B06), ref: 00660571
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 006605B7
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 006605DD
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 006605E9
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 006605F5
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00660601
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 0066060D
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 0066061C
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 00660628
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 00660634
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 00660640
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 0066064C
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 00660658
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,FreeSid), ref: 00660664
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 00660670
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 0066067C
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 00660688
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,InitializeSid), ref: 00660694
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 006606A0
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 006606AC
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 006606B8
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 006606C4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 006606D0
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetAce), ref: 006606DC
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DeleteAce), ref: 006606E8
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,EqualSid), ref: 006606F4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 00660700
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 0066070F
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 006607DE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                                      • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                                      • API String ID: 2701342527-838666417
                                                                                                                                                                                      • Opcode ID: 78b6e48c2f496e86bc7d0faf6d65f89f4f52e629e4261855f17aaa3476bd72e7
                                                                                                                                                                                      • Instruction ID: 1027173086d84179b35c3aa225d0f438ed64c3752dc32443d86031caebdbf4eb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 78b6e48c2f496e86bc7d0faf6d65f89f4f52e629e4261855f17aaa3476bd72e7
                                                                                                                                                                                      • Instruction Fuzzy Hash: D4812930940B19FEDF259F65C848BA6BFA2FF05395F00012AEA0466AE0D775B468CFC1
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0063463F: GetProcessHeap.KERNEL32(?,?,?,0065C2E1,?,?,?,AC3C8B06,?,00000000), ref: 00634676
                                                                                                                                                                                      • VariantTimeToSystemTime.OLEAUT32 ref: 00678539
                                                                                                                                                                                      • GetLastError.KERNEL32(AC3C8B06,?), ref: 0067867A
                                                                                                                                                                                        • Part of subcall function 00658690: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 006586D6
                                                                                                                                                                                        • Part of subcall function 00658690: LoadResource.KERNEL32(00000000,00000000), ref: 006586E4
                                                                                                                                                                                        • Part of subcall function 00658690: LockResource.KERNEL32(00000000), ref: 006586EF
                                                                                                                                                                                        • Part of subcall function 00658690: SizeofResource.KERNEL32(00000000,00000000), ref: 006586FD
                                                                                                                                                                                        • Part of subcall function 00658690: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00658764
                                                                                                                                                                                        • Part of subcall function 00658690: LoadResource.KERNEL32(00000000,00000000), ref: 00658776
                                                                                                                                                                                        • Part of subcall function 00658690: LockResource.KERNEL32(00000000), ref: 00658785
                                                                                                                                                                                        • Part of subcall function 00658690: SizeofResource.KERNEL32(00000000,00000000), ref: 00658797
                                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 00678C83
                                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 00678CDF
                                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 00678D37
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$__floor_pentium4$FindLoadLockSizeofTime$ErrorHeapLastProcessSystemVariant
                                                                                                                                                                                      • String ID: $GetAsSystemTime failed: %d$Invalid DateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute$TOMORROW$YESTERDAY$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp$epoch$failed to convert date element(s) to int: year = %s, month = %s, day = %s$failed to convert epoch date: %s$failed to parse day: %s$failed to parse month: %s$failed to parse year: %s$string %s does not have %d symbols starting index %d$yyyy
                                                                                                                                                                                      • API String ID: 3108935575-1381540002
                                                                                                                                                                                      • Opcode ID: be951349d8df1e8192111626fc2999fd2f994656c54756b5dafdf70bf226cc33
                                                                                                                                                                                      • Instruction ID: 0ad28f79146670a73d0fdc5691434686df51e52f7642c65b6029d755343f95fb
                                                                                                                                                                                      • Opcode Fuzzy Hash: be951349d8df1e8192111626fc2999fd2f994656c54756b5dafdf70bf226cc33
                                                                                                                                                                                      • Instruction Fuzzy Hash: 67E2AD71A00218CFDB24DF68CC55BEEB7B6AF45304F10829DE419A7291EB34AE85CF95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006230C1
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006230C6
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00623746
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: r$)$/$8r$Hr$UPDATER_URL$YSTEM$`r$heron_host$hti_auth_host$ps_host$xr
                                                                                                                                                                                      • API String ID: 118556049-3497224273
                                                                                                                                                                                      • Opcode ID: 4e23144c80369395feda637f30a3fa17195db5b167849d6b23a1381ef0332e4b
                                                                                                                                                                                      • Instruction ID: 4829bc0fd7edc723582a3451b2cd5491aeaf8dfc3a04ca62832052f1a69a11b2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e23144c80369395feda637f30a3fa17195db5b167849d6b23a1381ef0332e4b
                                                                                                                                                                                      • Instruction Fuzzy Hash: A67226B1D00264DFDF24DF24D8157AE77B6EB09300F20466DE45AA7392EB399A84CF94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0062D501
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0062D506
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0062DB86
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: +r$)$/$8+r$UPDATER_URL$YSTEM$h+r$heron_host$hti_auth_host$ps_host$+r
                                                                                                                                                                                      • API String ID: 118556049-530127110
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0062ABD1
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0062ABD6
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0062B256
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: (#r$)$/$UPDATER_URL$X#r$YSTEM$heron_host$hti_auth_host$p#r$ps_host
                                                                                                                                                                                      • API String ID: 118556049-2687761
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0067F442
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0067F488
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0067F4C6
                                                                                                                                                                                      • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0067F527
                                                                                                                                                                                      • CertGetNameStringW.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 0067F5AD
                                                                                                                                                                                      • CertGetNameStringW.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 0067F602
                                                                                                                                                                                      • CertGetCertificateChain.CRYPT32(00000000,?,?,00000000,00000010,00000000,00000000,?), ref: 0067F89C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cert$CryptParam$CertificateNameString$ChainFromStoreSubject
                                                                                                                                                                                      • String ID: 4$Intel Corporation$McAfee, Inc.$McAfee, LLC$McAfee, LLC.$Yahoo! Inc.
                                                                                                                                                                                      • API String ID: 1005284423-549729705
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,AC3C8B06,00000000,?,00000000,?,00673AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00672B73
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 00672B98
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Controller), ref: 00672BA7
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Release), ref: 00672BC8
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00672C46
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00672CC3
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00673AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 00672CCB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 00672CDF
                                                                                                                                                                                      • Controller, xrefs: 00672B9E
                                                                                                                                                                                      • Dispatcher, xrefs: 00672B92
                                                                                                                                                                                      • Release, xrefs: 00672BC2
                                                                                                                                                                                      • Failed to load library %s. Error 0x%08X, xrefs: 00672CD5
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 00672CE4
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                                      • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                                      • API String ID: 2058215185-435243658
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF8)$no error
                                                                                                                                                                                      • API String ID: 0-2110857069
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?), ref: 00646268
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00646274
                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 006463BF
                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006463DF
                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006463FC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • al exception rule %x:%x res %s, xrefs: 0064632E
                                                                                                                                                                                      • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 0064671E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                                      • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                                      • API String ID: 3004248768-911235813
                                                                                                                                                                                      • Opcode ID: d1ebe5a77f72d119fd3ffa3c19f0c603a4de26ca758d4e0b38471345026ba9b4
                                                                                                                                                                                      • Instruction ID: fec2cfa6a67a4ec0d7e25472b9c9498154802363d5d7330049da0e07ece11593
                                                                                                                                                                                      • Opcode Fuzzy Hash: d1ebe5a77f72d119fd3ffa3c19f0c603a4de26ca758d4e0b38471345026ba9b4
                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F10935B012289FDB259F14CC95BEDB7B6BF48710F154099EA0AAB391CB70AE41CF91
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 006467F3
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 006467FB
                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 0064687F
                                                                                                                                                                                      • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0064689F
                                                                                                                                                                                      • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 006468BC
                                                                                                                                                                                      • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 006468DE
                                                                                                                                                                                      • CryptDestroyHash.ADVAPI32(00000000), ref: 006468EF
                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00646902
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00646951
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00646980
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Freeing access handle %p, xrefs: 006467D0
                                                                                                                                                                                      • al exception rule %x:%x res %s, xrefs: 00646824
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                                      • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                                      • API String ID: 581428007-3582322424
                                                                                                                                                                                      • Opcode ID: c6c602b2230c1d53d8969a9f64ed15ea2f6b7c3a6eb0bb80d3406dd98a8c0572
                                                                                                                                                                                      • Instruction ID: f8b7d884487c902d9b1cf0c676fd5e90d53beda77ce7ea560e090ddf06d5069c
                                                                                                                                                                                      • Opcode Fuzzy Hash: c6c602b2230c1d53d8969a9f64ed15ea2f6b7c3a6eb0bb80d3406dd98a8c0572
                                                                                                                                                                                      • Instruction Fuzzy Hash: 40518571A00319ABDB208F60DC89FDA77B9AB15710F144295FA04EA2D0DBF0EE94CF65
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006259C1
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006259C6
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00626066
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
                                                                                                                                                                                      • API String ID: 118556049-3423396178
                                                                                                                                                                                      • Opcode ID: 820ab5cfc0fc0be5a40756333d60abc13802dc0b6b75760dbbc70c19e8084001
                                                                                                                                                                                      • Instruction ID: 65fbbf389080fbeaa4eeb104dae7e8f85e49323fe98637ad3a2e7ad3666fd727
                                                                                                                                                                                      • Opcode Fuzzy Hash: 820ab5cfc0fc0be5a40756333d60abc13802dc0b6b75760dbbc70c19e8084001
                                                                                                                                                                                      • Instruction Fuzzy Hash: 63720CB1E00A64CFDB249F24D8157AE77B6BB19310F20426DE42BE7391EB359A84CF45
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Unknown comparison operator: %s, xrefs: 0067A94F
                                                                                                                                                                                      • failed to parse date from name: %s, xrefs: 0067A5B2
                                                                                                                                                                                      • [DATE:TODAY], xrefs: 0067AA28
                                                                                                                                                                                      • stol argument out of range, xrefs: 0067A991
                                                                                                                                                                                      • invalid substitutor, xrefs: 0067A9F8
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl, xrefs: 0067A956
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp, xrefs: 0067A95B, 0067AA04, 0067B083
                                                                                                                                                                                      • Unable to substitute the arguments, xrefs: 0067B077
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied, xrefs: 0067A9FF, 0067B07E
                                                                                                                                                                                      • failed to parse date from value: %s, xrefs: 0067A63C
                                                                                                                                                                                      • NEQ, xrefs: 0067A8CD
                                                                                                                                                                                      • invalid stol argument, xrefs: 0067A987
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Time$SystemVariant
                                                                                                                                                                                      • String ID: NEQ$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$Unknown comparison operator: %s$[DATE:TODAY]$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp$failed to parse date from name: %s$failed to parse date from value: %s$invalid stol argument$invalid substitutor$stol argument out of range
                                                                                                                                                                                      • API String ID: 352189841-3100175478
                                                                                                                                                                                      • Opcode ID: 89c9d50ee84475418dd4c62c6871105bbd3f55ede2039d4550b32d05c1b6b952
                                                                                                                                                                                      • Instruction ID: cae700a0dfe1347a21e8dc63a36155e267e83f4c4ef06f949c2e0163897832e4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 89c9d50ee84475418dd4c62c6871105bbd3f55ede2039d4550b32d05c1b6b952
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4472C071D002189ACF25DFA4C841BEEB7B6BF55304F10829DE40ABB381EB346A85CF95
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: Encountered SEND_EVENT, but no event reporter was defined$Invalid$Invalid arguments passed to SEND_EVENT command$NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute$Name$Unable to substitute variables for the SEND_EVENT command$Unexpected call to legacy SEND_EVENT command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp$default$invalid substitutor
                                                                                                                                                                                      • API String ID: 0-494503603
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                        • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D0B
                                                                                                                                                                                        • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D41
                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 006CD0E7
                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 006CD130
                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 006CD13F
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 006CD187
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 006CD1A6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                      • String ID: (3p
                                                                                                                                                                                      • API String ID: 949163717-1836177990
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: @$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$^$alpha
                                                                                                                                                                                      • API String ID: 0-4118445655
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0067F442
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0067F488
                                                                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0067F4C6
                                                                                                                                                                                      • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0067F527
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CryptParam$CertCertificateFromStoreSubject
                                                                                                                                                                                      • String ID: 1.3.6.1.4.1.311.2.4.1
                                                                                                                                                                                      • API String ID: 738114118-146536318
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,006CD124,00000002,00000000,?,?,?,006CD124,?,00000000), ref: 006CCE9F
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,006CD124,00000002,00000000,?,?,?,006CD124,?,00000000), ref: 006CCEC8
                                                                                                                                                                                      • GetACP.KERNEL32(?,?,006CD124,?,00000000), ref: 006CCEDD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$qGh
                                                                                                                                                                                      • API String ID: 0-1198645378
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: expected ' or "$expected =$expected >$expected element name$invalid numeric character entity$unexpected end of data
                                                                                                                                                                                      • API String ID: 0-1758782166
                                                                                                                                                                                      • Opcode ID: 6cf57104036503179e6b786c1f67ced0ca1ebdf2900bb842d037c2783c1cbfc2
                                                                                                                                                                                      • Instruction ID: 3b31715455aaf6051ed6ab8dc9bbbb2720278a9e74d372857e8de4a534463afa
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cf57104036503179e6b786c1f67ced0ca1ebdf2900bb842d037c2783c1cbfc2
                                                                                                                                                                                      • Instruction Fuzzy Hash: D702E4B0A042509FC728CF29C4957B6BBF2FF55304F28859EE49A8B392E7759D41CB90
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: #$($?$n
                                                                                                                                                                                      • API String ID: 0-1429268647
                                                                                                                                                                                      • Opcode ID: 8245bd7fed0741e7b45171d1cb1bd799d5a904174184870102c67d1c76dab68a
                                                                                                                                                                                      • Instruction ID: 3e74deca6a3ede6fca73a26040c0b94ff2f2f9b9c9c0490cbdb78f355f73d0e9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8245bd7fed0741e7b45171d1cb1bd799d5a904174184870102c67d1c76dab68a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DB25F74E042598FCB25DFA8C8906ADFBB2BF55300F288399D499AB346D734A946CF50
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006A93FE
                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 006A94CA
                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006A94EA
                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 006A94F4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                      • Opcode ID: 2e50169c3d7e7006ddb7ad187a735b27e3c3c611917c6c1e92c2fd32afa19961
                                                                                                                                                                                      • Instruction ID: 09393679e80f8f0af769db5223f9d7b73f3943c775b044b8dfe7c2cac0536cd0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e50169c3d7e7006ddb7ad187a735b27e3c3c611917c6c1e92c2fd32afa19961
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F310775D0131C9BDB51EFA4D98ABCDBBB8AF08304F1041AAE509AB250EB719B858F15
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: )$)$:$\b(?=\w)
                                                                                                                                                                                      • API String ID: 0-1096454370
                                                                                                                                                                                      • Opcode ID: e522c78f846151cb3f774427357edd76dd9c8ce959b22e66a4521da1633ba5d5
                                                                                                                                                                                      • Instruction ID: 716806f5cbce3012527663732c153df901c1f18f62e0d37f5e87e5cdcb84412b
                                                                                                                                                                                      • Opcode Fuzzy Hash: e522c78f846151cb3f774427357edd76dd9c8ce959b22e66a4521da1633ba5d5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 06324E74D04219CFDB25DF68C8807ADBBB2BF09314F18829AD85AAB351C7759D46CF60
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                        • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D0B
                                                                                                                                                                                        • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D41
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCAD4
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCB1E
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCBE4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3140898709-0
                                                                                                                                                                                      • Opcode ID: 46bd1c2da4a399f18a46c7744d3c8683821963ae2b71c6e1caea7730218c291c
                                                                                                                                                                                      • Instruction ID: 1ffc1f3e152425ea3a6a35be5114c3373bdb33360f4892b8b7e8db1cbb678ea3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 46bd1c2da4a399f18a46c7744d3c8683821963ae2b71c6e1caea7730218c291c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B619D719002079FEB289F68CC92FBA77AAEF14320F1440BEE909C6685E735DD81DB50
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,007280CC), ref: 006AD54B
                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,007280CC), ref: 006AD555
                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,007280CC), ref: 006AD562
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                      • Opcode ID: b120bdaad98b55c581f2e121c5bb479de19a8ff959ea6c5b0959ed76e87cc7fe
                                                                                                                                                                                      • Instruction ID: 8e06cf45f6a29dfebbde7b613981b42071dbb84dc20997b856a07b8ec4c40659
                                                                                                                                                                                      • Opcode Fuzzy Hash: b120bdaad98b55c581f2e121c5bb479de19a8ff959ea6c5b0959ed76e87cc7fe
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0231C674D01218ABCB61EF68D8897CDBBB9BF18310F5041EAE40CA7250EB709F858F45
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,006BE8FD,00000002,00000002,?,00000002), ref: 006BE920
                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,006BE8FD,00000002,00000002,?,00000002), ref: 006BE927
                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 006BE939
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                      • Opcode ID: 255b275d646c289e369f76bcf088bbdeff522de6d399bb7a7aae4fbbe19fbaec
                                                                                                                                                                                      • Instruction ID: 922616c24c035f46276e9ade31055df227c0011a6ccd1863a9e371cfcbb61961
                                                                                                                                                                                      • Opcode Fuzzy Hash: 255b275d646c289e369f76bcf088bbdeff522de6d399bb7a7aae4fbbe19fbaec
                                                                                                                                                                                      • Instruction Fuzzy Hash: BFE04671000248AFCF913F64DD88AD83B2BEB40741B044418F9098A231CB37EE96CB51
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006591DE
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0065952E
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                      • Opcode ID: f2e24c26be80db24c62b3b2287ca36fe0b81760aa69d5496ae40591f701b0770
                                                                                                                                                                                      • Instruction ID: 5f7b674fca03ccf4b405c7773cd5ba03cc446c439423552801716113fc5663fb
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2e24c26be80db24c62b3b2287ca36fe0b81760aa69d5496ae40591f701b0770
                                                                                                                                                                                      • Instruction Fuzzy Hash: A722BD72D10229EFCF24DFA8DC41AAEB7B6FF49311F144229F815A7291DB309D058BA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CryptQueryObject.CRYPT32(00000001,0066BDCE,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0067EBD2
                                                                                                                                                                                      • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0067EDEE
                                                                                                                                                                                        • Part of subcall function 0067F3C0: CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0067F442
                                                                                                                                                                                        • Part of subcall function 0067F3C0: CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0067F488
                                                                                                                                                                                        • Part of subcall function 0067F3C0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0067F4C6
                                                                                                                                                                                        • Part of subcall function 0067F3C0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0067F527
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Crypt$Param$ObjectQuery$CertCertificateFromStoreSubject
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 899467879-0
                                                                                                                                                                                      • Opcode ID: 637643f8c90461b0d1a446aa4a13f94264e0aa46e7378ac604e28976a6b962a7
                                                                                                                                                                                      • Instruction ID: 308ace6e1452b69f7c53337588227116db2e911ab72cfd7ae09f4ad086baf4ff
                                                                                                                                                                                      • Opcode Fuzzy Hash: 637643f8c90461b0d1a446aa4a13f94264e0aa46e7378ac604e28976a6b962a7
                                                                                                                                                                                      • Instruction Fuzzy Hash: A0025F71E002099BEF14DFA8CD99BEEBBB9AF08304F148559E505FB381D7799A04CB64
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
                                                                                                                                                                                      • Instruction ID: c0d84d3bb782b4d24fb2469b6b0bf46e6b5e03aebd5ac25ae23be47ef0c685a3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F11DB1E002199FDF14CFA9C8906EDBBB2FF88314F258269D819A7345D771AD41CB94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,006B5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480), ref: 006C703D
                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(?,?,006B5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480,?), ref: 006C7054
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DebugDebuggerOutputPresentString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4086329628-0
                                                                                                                                                                                      • Opcode ID: 34a17b171d40efef600a0cefbb86ced5764358788c8f2aae6761cc463e1323b0
                                                                                                                                                                                      • Instruction ID: 475f94a1bf3b811cb0b100b4123446b66d78339eac50614894843ca7200d67e9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 34a17b171d40efef600a0cefbb86ced5764358788c8f2aae6761cc463e1323b0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A012BB12482597BDB606A509C46FBF3B4FEF01361F24000CFD05C7241CE22D9029BBA
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,006C14AA,?,?,00000008,?,?,006D0D68,00000000), ref: 006C16DC
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                      • Opcode ID: ddac1f75ef1c1b5663b0d42162b1134b1369f8167af99a207942468d036595b3
                                                                                                                                                                                      • Instruction ID: e26aadb8e33d2a8515717ff76d399df542e9c0e70e8e161a852c8fb2ea3e1eca
                                                                                                                                                                                      • Opcode Fuzzy Hash: ddac1f75ef1c1b5663b0d42162b1134b1369f8167af99a207942468d036595b3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 35B119756106048FD715CF28C496FA57BA2FF46364F29865CE89ACF3A2C335E992CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 006A922B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                        • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D0B
                                                                                                                                                                                        • Part of subcall function 006C1CA9: _free.LIBCMT ref: 006C1D41
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006CCD34
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2003897158-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(006CCA80,00000001,00000000,?,-00000050,?,006CD0BB,00000000,?,?,?,00000055,?), ref: 006CC9C4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,006CCC9C,00000000,00000000,?), ref: 006CCF38
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(006CCCE0,00000001,?,?,-00000050,?,006CD07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 006CCA37
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(006CC860,00000001,?,?,?,006CD0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 006CC93E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,006C0C61,?,20001004,00000000,00000002,?,?,006C024C), ref: 006C460E
Memory Dump Source
• Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
• Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,006A8A95), ref: 006A958B
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006A88FA: EnterCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A8905
                                                                                                                                                                                        • Part of subcall function 006A88FA: LeaveCriticalSection.KERNEL32(0072742C,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A8942
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,0065C2E1,?,?,?,AC3C8B06,?,00000000), ref: 00634676
                                                                                                                                                                                        • Part of subcall function 006A88B0: EnterCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88BA
                                                                                                                                                                                        • Part of subcall function 006A88B0: LeaveCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88ED
                                                                                                                                                                                        • Part of subcall function 006A88B0: RtlWakeAllConditionVariable.NTDLL ref: 006A8964
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • GetSystemTimePreciseAsFileTime, xrefs: 006C4629
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                                      • Instruction ID: 376d7daca5838c92f07200c351ea84c3978355ed64f99302b4fe1e49387b4cd0
                                                                                                                                                                                      • Opcode Fuzzy Hash: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B325FB3F515145BDB0CCE5DCC927ECB3E3AF98214B0E813DA81AD7345EA78D9158A84
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 4fd3676e06c7041ad82782344334a35b37fb582d49fc19ddf0354f6dbdadef35
                                                                                                                                                                                      • Instruction ID: df3a3d5d652b1700dc6b095818d90673108fc679e836b2b8929ceab90231ff05
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fd3676e06c7041ad82782344334a35b37fb582d49fc19ddf0354f6dbdadef35
                                                                                                                                                                                      • Instruction Fuzzy Hash: 07320922E29F418DD7335634CC253356249EFB73C5F15D72BE81AB5AA6EF29C8834104
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: a537395111b52f5d7857f5c91b0bd563496db058bf297862494194e06ce498eb
                                                                                                                                                                                      • Instruction ID: 252c68ac94d926a402b9a1f1ee98889e1a16f30aed404e9a046bdb60f968c613
                                                                                                                                                                                      • Opcode Fuzzy Hash: a537395111b52f5d7857f5c91b0bd563496db058bf297862494194e06ce498eb
                                                                                                                                                                                      • Instruction Fuzzy Hash: B56128F07002096AFB389A6888917FF7B9BAB46700F94092DE942DB381DB61DDC78355
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                                      • Instruction ID: d53201f7125addee5cb696e54b561b19a0fc5cbe7cda9594df93f606c916f312
                                                                                                                                                                                      • Opcode Fuzzy Hash: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 955149F0640748AAFF38AA2884957FFBF9B9B02304F14591ED486EB393D6119EC58356
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                                      • Instruction ID: 54f71a5656db1c51959f722fb89a3b77f5d8c157f24ad30e155cbdb94e457e4c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                                      • Instruction Fuzzy Hash: DE516F71E00119AFDF04CF99C981AEEBBB6EF89304F19805DE905AB341D7349E91DBA0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: a7045e63899fe05e97e16d6f0f6a4805f70e201591777631c07312aff81a4ff7
                                                                                                                                                                                      • Instruction ID: 45aae1be6d5f13d3bb02dea444d4986d1e9e9dce39a9a2c22fb6380c6d160cf7
                                                                                                                                                                                      • Opcode Fuzzy Hash: a7045e63899fe05e97e16d6f0f6a4805f70e201591777631c07312aff81a4ff7
                                                                                                                                                                                      • Instruction Fuzzy Hash: CD21B373F204394B7B0CC47E8C522BDB6E1C68C601745823EE8A6EA3C1D968D917E2E4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 54eb52936630cf71eb5e1c5f57d600af5345dcde591f2ad596d2b92939ed6e53
                                                                                                                                                                                      • Instruction ID: df1e097f08383dc98d6154fdd883e46d7fee1ecc3dfe9a36c7d199507f82e376
                                                                                                                                                                                      • Opcode Fuzzy Hash: 54eb52936630cf71eb5e1c5f57d600af5345dcde591f2ad596d2b92939ed6e53
                                                                                                                                                                                      • Instruction Fuzzy Hash: C2117323F30C255A775C816D8C172BAA5D6EBD825070F533AE826EB384E9A4DE13D290
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00696AB6
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00696AC4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00696AD5
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00696AE6
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00696AF7
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00696B08
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00696B19
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00696B2A
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00696B3B
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00696B4C
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00696B5D
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00696B6E
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00696B7F
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00696B90
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00696BA1
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00696BB2
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00696BC3
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00696BD4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00696BE5
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00696BF6
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00696C07
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00696C18
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00696C29
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00696C3A
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00696C4B
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00696C5C
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00696C6D
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00696C7E
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00696C8F
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00696CA0
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00696CB1
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00696CC2
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00696CD3
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00696CE4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00696CF5
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00696D06
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00696D17
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00696D28
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00696D39
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00696D4A
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00696D5B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                                                                      • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                      • API String ID: 667068680-295688737
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0069E2B8
                                                                                                                                                                                      • ctype.LIBCPMT ref: 0069E2FF
                                                                                                                                                                                        • Part of subcall function 00633055: __Getctype.LIBCPMT ref: 00633064
                                                                                                                                                                                        • Part of subcall function 00697FAF: __EH_prolog3.LIBCMT ref: 00697FB6
                                                                                                                                                                                        • Part of subcall function 00697FAF: std::_Lockit::_Lockit.LIBCPMT ref: 00697FC0
                                                                                                                                                                                        • Part of subcall function 00697FAF: std::_Lockit::~_Lockit.LIBCPMT ref: 00698031
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E30D
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E324
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E36B
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E39E
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E3F0
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E405
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E424
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E443
                                                                                                                                                                                      • collate.LIBCPMT ref: 0069E44D
                                                                                                                                                                                      • __Getcoll.LIBCPMT ref: 0069E48F
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E4BA
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E4FB
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E510
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E559
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E58C
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E5E7
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E643
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E696
                                                                                                                                                                                        • Part of subcall function 00698203: __EH_prolog3.LIBCMT ref: 0069820A
                                                                                                                                                                                        • Part of subcall function 00698203: std::_Lockit::_Lockit.LIBCPMT ref: 00698214
                                                                                                                                                                                        • Part of subcall function 00698203: std::_Lockit::~_Lockit.LIBCPMT ref: 00698285
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E6B5
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E707
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E74C
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E761
                                                                                                                                                                                        • Part of subcall function 006987D5: __EH_prolog3.LIBCMT ref: 006987DC
                                                                                                                                                                                        • Part of subcall function 006987D5: std::_Lockit::_Lockit.LIBCPMT ref: 006987E6
                                                                                                                                                                                        • Part of subcall function 006987D5: std::_Lockit::~_Lockit.LIBCPMT ref: 00698857
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E780
                                                                                                                                                                                        • Part of subcall function 00697C31: __EH_prolog3.LIBCMT ref: 00697C38
                                                                                                                                                                                        • Part of subcall function 00697C31: std::_Lockit::_Lockit.LIBCPMT ref: 00697C42
                                                                                                                                                                                        • Part of subcall function 00697C31: std::_Lockit::~_Lockit.LIBCPMT ref: 00697CB3
                                                                                                                                                                                      • codecvt.LIBCPMT ref: 0069E7B5
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E7BF
                                                                                                                                                                                        • Part of subcall function 006986AB: __EH_prolog3.LIBCMT ref: 006986B2
                                                                                                                                                                                        • Part of subcall function 006986AB: std::_Lockit::_Lockit.LIBCPMT ref: 006986BC
                                                                                                                                                                                        • Part of subcall function 006986AB: std::_Lockit::~_Lockit.LIBCPMT ref: 0069872D
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E677
                                                                                                                                                                                        • Part of subcall function 00695688: Concurrency::cancel_current_task.LIBCPMT ref: 00695748
                                                                                                                                                                                        • Part of subcall function 00695688: __EH_prolog3.LIBCMT ref: 00695755
                                                                                                                                                                                        • Part of subcall function 00695688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00695781
                                                                                                                                                                                        • Part of subcall function 00695688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 0069578C
                                                                                                                                                                                        • Part of subcall function 00698298: __EH_prolog3.LIBCMT ref: 0069829F
                                                                                                                                                                                        • Part of subcall function 00698298: std::_Lockit::_Lockit.LIBCPMT ref: 006982A9
                                                                                                                                                                                        • Part of subcall function 00698298: std::_Lockit::~_Lockit.LIBCPMT ref: 0069831A
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E658
                                                                                                                                                                                        • Part of subcall function 00695688: __EH_prolog3.LIBCMT ref: 0069568F
                                                                                                                                                                                        • Part of subcall function 00695688: std::_Lockit::_Lockit.LIBCPMT ref: 00695699
                                                                                                                                                                                        • Part of subcall function 00695688: std::_Lockit::~_Lockit.LIBCPMT ref: 0069573D
                                                                                                                                                                                        • Part of subcall function 006980D9: __EH_prolog3.LIBCMT ref: 006980E0
                                                                                                                                                                                        • Part of subcall function 006980D9: std::_Lockit::_Lockit.LIBCPMT ref: 006980EA
                                                                                                                                                                                        • Part of subcall function 006980D9: std::_Lockit::~_Lockit.LIBCPMT ref: 0069815B
                                                                                                                                                                                      • numpunct.LIBCPMT ref: 0069E6F7
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E4A3
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0069E7D4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypeLocinfoLocinfo::~_Makeloccodecvtcollatectypenumpunct
                                                                                                                                                                                      • String ID: @sr$Dsr$Dsr$Hsr$Hsr$Lsr$Psr$Tsr$Xsr$Xsr$\sr$\sr$`sr$`sr$dsr$hsr$hsr
                                                                                                                                                                                      • API String ID: 3784148211-2707628009
                                                                                                                                                                                      • Opcode ID: cb44cc3a732680714efbeaf525d7706bfd23f2d3dfcb11ff2a34434dbc840e80
                                                                                                                                                                                      • Instruction ID: 196aebed1a64211047c16f59bf8605d523a305307b63844a178ec0571aae7cd2
                                                                                                                                                                                      • Opcode Fuzzy Hash: cb44cc3a732680714efbeaf525d7706bfd23f2d3dfcb11ff2a34434dbc840e80
                                                                                                                                                                                      • Instruction Fuzzy Hash: 52E1D4B0C01215AEDF65AF648846ABF3EAFDF02354F14442DF9056BB52EA368D0097E7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Failed to delete src cab (%d), xrefs: 00680A0D
                                                                                                                                                                                      • Failed to extract cab (%s), xrefs: 006809D2
                                                                                                                                                                                      • Failed to parse DeleteFile as a boolean - default to false, xrefs: 006808D9
                                                                                                                                                                                      • DeleteFile, xrefs: 0068086B
                                                                                                                                                                                      • invalid substitutor, xrefs: 006807C5
                                                                                                                                                                                      • Unable to create destination directory (%d), xrefs: 0068099B
                                                                                                                                                                                      • Unable to verify signature for file: %s, xrefs: 00680956
                                                                                                                                                                                      • Source, xrefs: 006807D1
                                                                                                                                                                                      • DestDir, xrefs: 00680813
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 006808E5, 00680962, 006809A7, 006809DE, 00680A19, 00680A49
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 006808E0, 00680A44
                                                                                                                                                                                      • Unable to substitute DeleteFile attribute, xrefs: 006808BC
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 0068095D, 006809A2, 006809D9, 00680A14
                                                                                                                                                                                      • Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 00680A3D, 00680A42
                                                                                                                                                                                      • Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 00680A31
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                      • API String ID: 0-2605792675
                                                                                                                                                                                      • Opcode ID: 8ad6bbe097589217a1c7faa87c2112dc16909017ea9dcc2074aaa758c0f1031c
                                                                                                                                                                                      • Instruction ID: 30234146d4ddd61a40927db5ba38afe3348009ee88255b9660a367d5637d5211
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ad6bbe097589217a1c7faa87c2112dc16909017ea9dcc2074aaa758c0f1031c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2291E070A40308ABEF54EF90D852BFEBB77AF15704F010A19F50567382DB75A948CBA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0064DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064DF0C
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064A143
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A1AA
                                                                                                                                                                                        • Part of subcall function 0064E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E161
                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0064A1C1
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0064A1DD
                                                                                                                                                                                      • CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 0064A24C
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0064A268
                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 0064A410
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000001), ref: 0064A46F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                                      • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                                      • API String ID: 1380281556-3274429967
                                                                                                                                                                                      • Opcode ID: 53039ed7b8d4e1380d55588dd45a46d03ab826b04ba4e6a9fcccd970391c8fb2
                                                                                                                                                                                      • Instruction ID: abbbd048867b01c6a5a7593608de87b1f6ec2445a63a014932344b3de12a99bb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 53039ed7b8d4e1380d55588dd45a46d03ab826b04ba4e6a9fcccd970391c8fb2
                                                                                                                                                                                      • Instruction Fuzzy Hash: E1B1B170A40209ABDB44EFA0C855BEEB7B7FF44300F00426DE5196B6C1EB756A45CF95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,AC3C8B06,000000FF,00000000,00000000,006DDF30,000000FF), ref: 00680FE8
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00680FF8
                                                                                                                                                                                      • CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,AC3C8B06,000000FF,00000000,00000000,006DDF30,000000FF), ref: 00681037
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00681058
                                                                                                                                                                                      • GetFileSize.KERNEL32(?,?), ref: 00681088
                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 0068109C
                                                                                                                                                                                      • MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 006810D9
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 006810F0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 0068106B, 0068110D
                                                                                                                                                                                      • Failed to map file to memory, xrefs: 00681101
                                                                                                                                                                                      • Failed to open the file: %d, xrefs: 0068105F
                                                                                                                                                                                      • CreateFileTransactedW, xrefs: 00680FF2
                                                                                                                                                                                      • kernel32.dll, xrefs: 00680FE3
                                                                                                                                                                                      • NWebAdvisor::CFileMemMap::Init, xrefs: 00681066, 00681108
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
                                                                                                                                                                                      • String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
                                                                                                                                                                                      • API String ID: 2423579280-2843467768
                                                                                                                                                                                      • Opcode ID: 2f8572d39f8f36874daf0c83d97f873533a4db5365026d3cfdb23f580191ceb7
                                                                                                                                                                                      • Instruction ID: eb244969d499934e5b3263858d5580ca1ecb42d7a997a623748e6a30dbeb73fe
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f8572d39f8f36874daf0c83d97f873533a4db5365026d3cfdb23f580191ceb7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B410B70740345BFEB20AF60CC46FAA77AABB09B14F104718F615EF2C0DBB5A9418B94
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064E8A8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                      • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`ato$`p
                                                                                                                                                                                      • API String ID: 539357862-1224660163
                                                                                                                                                                                      • Opcode ID: 82722c9d539a14b677d69a145c01c1348b671130daa342886d6038247247db28
                                                                                                                                                                                      • Instruction ID: 498011ec4976ee8c3a9b7a57e004375d6b47dd0f8f4531ead347f2d288ec053c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 82722c9d539a14b677d69a145c01c1348b671130daa342886d6038247247db28
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BD18F70A00219DBDB64DB60CD85BEDB3B6BF45304F4045ECE50AA7281DB75AB88CFA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,AC3C8B06), ref: 006830F1
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000008), ref: 0068317C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 00683157
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 00683108, 00683163, 006831A9, 006831D1
                                                                                                                                                                                      • Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 006831C5
                                                                                                                                                                                      • Name, xrefs: 00683055
                                                                                                                                                                                      • Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 006831BC
                                                                                                                                                                                      • Error opening HKLM registry key: %d, xrefs: 006830FC
                                                                                                                                                                                      • Error (%d) deleting registry value (%s) in key: %s, xrefs: 0068319D
                                                                                                                                                                                      • Key, xrefs: 00683013
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 00683103, 0068315E, 006831A4, 006831CC
                                                                                                                                                                                      • Invalid substitutor, xrefs: 00683005
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseOpen
                                                                                                                                                                                      • String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
                                                                                                                                                                                      • API String ID: 47109696-1081640057
                                                                                                                                                                                      • Opcode ID: 4fbcae9eefd5e1d3284750bd17b480738c23e53d38c048f576bb9758a0e4c2a8
                                                                                                                                                                                      • Instruction ID: c79c2ea3f0e13f5060650f510299b5579c5bbeb31f3b4ee3255b5916d4f3a57f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fbcae9eefd5e1d3284750bd17b480738c23e53d38c048f576bb9758a0e4c2a8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C51A270A41218ABDB10EF90DC4ABAEB7BBAF05F04F140618F54177381DB75AA05CBA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,0071F278,00000023,00000001,00000004,00000000,00000000), ref: 00668462
                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(0071F278,00000000,0071F278,00000104,\McAfee\), ref: 00668491
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0066849D
                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(0071F278,00000000,0071F278,00000104,0071F070), ref: 006684C5
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006684CB
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00000104), ref: 006684FC
                                                                                                                                                                                      • StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 00668511
                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(0071F278,00000000,0071F278,00000104,00000000), ref: 0066852E
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00668534
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 006685B9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                                      • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                                      • API String ID: 922589859-3713371193
                                                                                                                                                                                      • Opcode ID: 3cf836054b6b74e00b521a61323c6eda200ea0b96b72cc596d5c1f6e797efe71
                                                                                                                                                                                      • Instruction ID: 6603b2489b3ec353fefda2feb4268277a79d858b8984d18a6779b3518d43fcf3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cf836054b6b74e00b521a61323c6eda200ea0b96b72cc596d5c1f6e797efe71
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2651CBB5A803186FDF20DB68DC86FDD77A6AB14710F104264F508A72D1DAF59DC08B95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$Info
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2509303402-0
                                                                                                                                                                                      • Opcode ID: a5463d8d422db571c90f8533e577006f21bb565766f9b2d46ecc81664d480c0b
                                                                                                                                                                                      • Instruction ID: d9a23ef43f6a593e300f06a76e622d972be3c01d910d07d81fd7174eb16f7bd1
                                                                                                                                                                                      • Opcode Fuzzy Hash: a5463d8d422db571c90f8533e577006f21bb565766f9b2d46ecc81664d480c0b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 71D17EB1A002469FDB21DFB8C881BEEBBF6FF08300F14416DE995AB342D6759985CB54
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00670490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 006704AA
                                                                                                                                                                                        • Part of subcall function 00670490: GetLastError.KERNEL32 ref: 006704B8
                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 00670BB5
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00670BC2
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                                      • String ID: _f$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                                      • API String ID: 1552088572-3353668808
                                                                                                                                                                                      • Opcode ID: 54ce25f7ba12d4f089536bc1618ee69d3bc385e41a0356a528457fcb378ca3fc
                                                                                                                                                                                      • Instruction ID: f6b6af90255112da869faa1543dee327f536434962bfdf0e48e2d1194a2a8178
                                                                                                                                                                                      • Opcode Fuzzy Hash: 54ce25f7ba12d4f089536bc1618ee69d3bc385e41a0356a528457fcb378ca3fc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 70A1AF71D00309DEEF00DFA4C845BEEBBB6AF58314F144219E509B7291D7716A85CBA1
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00683545
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close
                                                                                                                                                                                      • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                                      • API String ID: 3535843008-3762851336
                                                                                                                                                                                      • Opcode ID: a3484fa98be99f6873aab2359ddf9bce187f279e56cf6cde06e82cfa12413ff1
                                                                                                                                                                                      • Instruction ID: 6ca4ac80a4778e8b19659fe03d98e3544ccff5c4de8637ca5c8d6dcfedb445e1
                                                                                                                                                                                      • Opcode Fuzzy Hash: a3484fa98be99f6873aab2359ddf9bce187f279e56cf6cde06e82cfa12413ff1
                                                                                                                                                                                      • Instruction Fuzzy Hash: A771E571A40228ABCF10AF54C842BFDB7B7BF14B04F554658E911BB381DBB1AA00CBA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                      • String ID: xxr$xxr$|xr
                                                                                                                                                                                      • API String ID: 269201875-4179863605
                                                                                                                                                                                      • Opcode ID: 39918cf6c27652c171f355d918213ff881e1135069c9e296e235addd01281b7c
                                                                                                                                                                                      • Instruction ID: 60b8d184116814661680c7e4781afe19053b938e0db7814d745043b160574a05
                                                                                                                                                                                      • Opcode Fuzzy Hash: 39918cf6c27652c171f355d918213ff881e1135069c9e296e235addd01281b7c
                                                                                                                                                                                      • Instruction Fuzzy Hash: E961BE72900705AFDB20EF75D842FBAB7EAEB44310F20456EE956EB381EB709D018B54
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0072742C,00000FA0,?,?,006A87C5), ref: 006A87F3
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,006A87C5), ref: 006A87FE
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,006A87C5), ref: 006A880F
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006A8821
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006A882F
                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,006A87C5), ref: 006A8852
                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(0072742C,00000007,?,?,006A87C5), ref: 006A8875
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,006A87C5), ref: 006A8885
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • kernel32.dll, xrefs: 006A880A
                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 006A87F9
                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 006A881B
                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 006A8827
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                      • API String ID: 2565136772-3242537097
                                                                                                                                                                                      • Opcode ID: 81fcead93a119963ec6f047bb34989621d2b7eef9a01dcbb48a59ab4f0ed5963
                                                                                                                                                                                      • Instruction ID: c9ae01dff516b5e449c76d8704515bbebea8f9ff1a33a6c62ab485fad718b6b2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 81fcead93a119963ec6f047bb34989621d2b7eef9a01dcbb48a59ab4f0ed5963
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2401D871A447515FD7203B74BC4DAA63E9FAB81B507051824F905DB2A4DEB9CC10CA31
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                      • Opcode ID: dea92aef65bfefb7b20f4934b0564e5cd5e7990729fa9bf2149b87a58f3b9365
                                                                                                                                                                                      • Instruction ID: 3f6655ead2d157fa5f201e906fd9939563a4538665892c536f2d68b66100d20d
                                                                                                                                                                                      • Opcode Fuzzy Hash: dea92aef65bfefb7b20f4934b0564e5cd5e7990729fa9bf2149b87a58f3b9365
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BC14276E40205AFDB60DBA8DC47FEE77F9EB08700F14416DFA05EB282D6749A408794
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,0070A536,00000003), ref: 006691C9
                                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 006691DE
                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 006691EE
                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 006691FD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 00669284, 0066933B
                                                                                                                                                                                      • Failed to format version, xrefs: 00669275
                                                                                                                                                                                      • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 0066927F, 00669336
                                                                                                                                                                                      • kernel32.dll, xrefs: 006691B8
                                                                                                                                                                                      • Failed to retrieve kernel verison, xrefs: 0066932C
                                                                                                                                                                                      • %d.%d.%d.%d, xrefs: 0066925E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                                      • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                                      • API String ID: 3968257194-3470154288
                                                                                                                                                                                      • Opcode ID: 0b4b6b1251b0ad82d09d65eb2bcac4e55ce899bfc4fa74afd75f559fbdc24a1a
                                                                                                                                                                                      • Instruction ID: bde6a8bd9441252d119b5b534153240d1c55b00fcd2edb00a6605fe6bb435c33
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b4b6b1251b0ad82d09d65eb2bcac4e55ce899bfc4fa74afd75f559fbdc24a1a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B51F8706003149BDF24AF64CC56BAB77BAEF04704F10459DE905AB3C2E775AE45CBA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 006AC435
                                                                                                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 006AC457
                                                                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 006AC566
                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 006AC638
                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 006AC6BC
                                                                                                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 006AC6D7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                      • API String ID: 2123188842-393685449
                                                                                                                                                                                      • Opcode ID: 61fadeb2be1dc9a739eae504d88a57a3fff682e3f2803d4a52591d13a5f1e61c
                                                                                                                                                                                      • Instruction ID: 9f43b614983c78457276360cd9f928a0bae2b81f4b0b7e9e85430cc10667f42d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 61fadeb2be1dc9a739eae504d88a57a3fff682e3f2803d4a52591d13a5f1e61c
                                                                                                                                                                                      • Instruction Fuzzy Hash: CFB16C71800209EFCF15EFA4C9819AEBBB6FF1A320B145159F8156B212D731EE61CF95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(AC3C8B06,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 006469E9
                                                                                                                                                                                      • CloseHandle.KERNEL32(AC3C8B06,?,?,00000000), ref: 006469FB
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00646A2A
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00646A3D
                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 00646A8B
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 00646A9E
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00646AB8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
                                                                                                                                                                                      • String ID: NotComDllUnload$mfeaaca.dll
                                                                                                                                                                                      • API String ID: 2321898493-1077453148
                                                                                                                                                                                      • Opcode ID: 20bce92898723f00679a8c9362eec86b94bb6b1aa5d46c5a9c0a4b6f9843210d
                                                                                                                                                                                      • Instruction ID: d962e4599df9a01426e0723fc984943491943d153cab0fb5b281a297ce2e2695
                                                                                                                                                                                      • Opcode Fuzzy Hash: 20bce92898723f00679a8c9362eec86b94bb6b1aa5d46c5a9c0a4b6f9843210d
                                                                                                                                                                                      • Instruction Fuzzy Hash: C731B0713007019BDB249F24DC89F6A77AAAF45B10F184618F925EB3D4DBB1EC44CAA6
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • NWebAdvisor::CHttpTransaction::Connect, xrefs: 006843D8
                                                                                                                                                                                      • # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 00684381
                                                                                                                                                                                      • NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 00684325
                                                                                                                                                                                      • NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 00684388
                                                                                                                                                                                      • # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 0068431E
                                                                                                                                                                                      • Unable to set proxy option, error: %d, xrefs: 006843CE
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 0068432A, 0068438D, 006843DD
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                      • String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
                                                                                                                                                                                      • API String ID: 1452528299-2881327693
                                                                                                                                                                                      • Opcode ID: 83f75c4b85cad9aeef8be255f6a2a9778840900335dd0064b1c7ad89448bf0c4
                                                                                                                                                                                      • Instruction ID: 674d514a4ba0ff351a1d5236dff824e8b5ba44fc9e1ba57fa54bd55a9c5e8d56
                                                                                                                                                                                      • Opcode Fuzzy Hash: 83f75c4b85cad9aeef8be255f6a2a9778840900335dd0064b1c7ad89448bf0c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 75415171A4030AAFEB10DFA5CC45BFEB7FAEF08704F148119E914A6280DBB59954CB65
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __aulldvrm
                                                                                                                                                                                      • String ID: :$f$f$f$p$p$p
                                                                                                                                                                                      • API String ID: 1302938615-1434680307
                                                                                                                                                                                      • Opcode ID: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                                      • Instruction ID: 779b8da462368d2424bc6264f81474577ddb4ecefcd8515a1a0f9ba33ca2146d
                                                                                                                                                                                      • Opcode Fuzzy Hash: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2302A075E00218DADF20AFA4D4846EDB7B7FB47B14FA44196E415BB280D3729E88CF25
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A6947
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C995
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C9B7
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065C9D7
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065CAB1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                      • API String ID: 1383202999-2891247106
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A1617
                                                                                                                                                                                        • Part of subcall function 00697DF0: __EH_prolog3.LIBCMT ref: 00697DF7
                                                                                                                                                                                        • Part of subcall function 00697DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00697E01
                                                                                                                                                                                        • Part of subcall function 00697DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00697E72
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                      • API String ID: 1538362411-2891247106
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,AC3C8B06,00000000), ref: 00680E20
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00680E2E
                                                                                                                                                                                        • Part of subcall function 00680FA0: GetModuleHandleW.KERNEL32(kernel32.dll,AC3C8B06,000000FF,00000000,00000000,006DDF30,000000FF), ref: 00680FE8
                                                                                                                                                                                        • Part of subcall function 00680FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00680FF8
                                                                                                                                                                                        • Part of subcall function 00680FA0: GetLastError.KERNEL32 ref: 00681058
                                                                                                                                                                                        • Part of subcall function 00668650: std::locale::_Init.LIBCPMT ref: 0066882F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00680DA0, 00680E41, 00680F11
                                                                                                                                                                                      • CreateFile failed: %d, xrefs: 00680E35
                                                                                                                                                                                      • Unable to create destination directory (%d), xrefs: 00680D94
                                                                                                                                                                                      • NWebAdvisor::CCabParser::GetContentFile, xrefs: 00680D9B, 00680E3C
                                                                                                                                                                                      • Failed to load cab %s, xrefs: 00680F05
                                                                                                                                                                                      • NWebAdvisor::CCabParser::LoadCabFile, xrefs: 00680F0C
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                                      • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create destination directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                      • API String ID: 1808632809-3418505487
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 0067C641
                                                                                                                                                                                        • Part of subcall function 00693084: __EH_prolog3.LIBCMT ref: 0069308B
                                                                                                                                                                                        • Part of subcall function 00693084: std::_Lockit::_Lockit.LIBCPMT ref: 00693096
                                                                                                                                                                                        • Part of subcall function 00693084: std::locale::_Setgloballocale.LIBCPMT ref: 006930B1
                                                                                                                                                                                        • Part of subcall function 00693084: std::_Lockit::~_Lockit.LIBCPMT ref: 00693107
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0067C6CB
                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0067C713
                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0067C748
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0067C7DD
                                                                                                                                                                                        • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                      • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0067C807
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0067C82B
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0067C84C
                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0067C85B
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$std::locale::_$Lockit::_Lockit::~_$Locimp::_Locinfo::_$AddfacH_prolog3InitLocimpLocimp_Locinfo_ctorLocinfo_dtorNew_Setgloballocale_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3142054045-0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: z
                                                                                                                                                                                      • API String ID: 0-1657960367
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00647DFC
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647EBB
                                                                                                                                                                                        • Part of subcall function 00654B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                      • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                                      • API String ID: 342047005-375236208
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,AC3C8B06,?,?), ref: 0064A531
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064A73D
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A7AC
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A989
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                      • String ID: Event string is empty$Unexpected return value: $`p
                                                                                                                                                                                      • API String ID: 1703231451-3986244423
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0069820A
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00698214
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 0069824E
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00698265
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00698285
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00698292
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                      • String ID: `sr
                                                                                                                                                                                      • API String ID: 3376033448-227485719
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0069829F
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006982A9
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 006982E3
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006982FA
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0069831A
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00698327
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                      • String ID: \sr
                                                                                                                                                                                      • API String ID: 3376033448-553530595
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00698334
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0069833E
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00698378
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0069838F
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006983AF
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006983BC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                      • String ID: 8sr
                                                                                                                                                                                      • API String ID: 3376033448-1864390431
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006983C9
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006983D3
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 0069840D
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00698424
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00698444
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00698451
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                      • String ID: 4sr
                                                                                                                                                                                      • API String ID: 3376033448-1715121787
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0069861D
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00698627
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00698661
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00698678
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00698698
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006986A5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                      • String ID: Hsr
                                                                                                                                                                                      • API String ID: 3064348918-1003568975
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3409252457-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006A987E: EnterCriticalSection.KERNEL32(007277A0,?,00000101,?,006586A7,00000000,?,00000101,?,00000000,?,?,0065C338,-00000010), ref: 006A9889
                                                                                                                                                                                        • Part of subcall function 006A987E: LeaveCriticalSection.KERNEL32(007277A0,?,006586A7,00000000,?,00000101,?,00000000,?,?,0065C338,-00000010,?,?,?,AC3C8B06), ref: 006A98B5
                                                                                                                                                                                      • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 006586D6
                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 006586E4
                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 006586EF
                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 006586FD
                                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00658764
                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00658776
                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00658785
                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 00658797
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 506522749-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,006C4E01), ref: 006C1CAE
                                                                                                                                                                                        • Part of subcall function 006C1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 006C1D4C
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0B8A
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0BA3
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0BE1
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0BEA
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0BF6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$ErrorLast
                                                                                                                                                                                      • String ID: C
                                                                                                                                                                                      • API String ID: 3291180501-1037565863
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InitOnceBeginInitialize.KERNEL32(0072823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,AC3C8B06,?,?), ref: 0065125A
                                                                                                                                                                                      • InitOnceComplete.KERNEL32(0072823C,00000000,00000000), ref: 00651278
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 006513E3
                                                                                                                                                                                      • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 006512F3, 006513DE
                                                                                                                                                                                      • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 006512EC, 006513D7
                                                                                                                                                                                      • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 006512F8
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                      • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                                      • API String ID: 51270584-3897904871
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                                      • API String ID: 0-1483847951
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0065C995
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0065C9B7
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0065C9D7
                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 0065CA70
                                                                                                                                                                                      • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0065CA82
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0065CA8F
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0065CAB1
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3947131827-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,AC3C8B06,?,?), ref: 0064A531
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064A58B
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A989
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064A99D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Unexpected return value: , xrefs: 0064A8CC
                                                                                                                                                                                      • Thread signalled when event queue is empty, xrefs: 0064A614
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                                      • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                                      • API String ID: 3324347728-3645029203
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                      • API String ID: 0-537541572
                                                                                                                                                                                      • Opcode ID: 65991058679276edff68494cab55e9aa6cef7cd6ce480491cf8e9f064f13b769
                                                                                                                                                                                      • Instruction ID: 9678fa86e93c52afae41dc7f58afb9319932ad58c8dcf26b3f64c50f37dbf754
                                                                                                                                                                                      • Opcode Fuzzy Hash: 65991058679276edff68494cab55e9aa6cef7cd6ce480491cf8e9f064f13b769
                                                                                                                                                                                      • Instruction Fuzzy Hash: 35210572A01211EBDB31CB249CA6FBA379ADB11760F250218FC55AB3D1DE35EE02C5E0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0069804B
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00698055
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006980A6
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006980C6
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006980D3
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: ,sr
                                                                                                                                                                                      • API String ID: 55977855-1947163827
                                                                                                                                                                                      • Opcode ID: db489430788d1e196da1e1792d39cd3bda1ee4115f04ec0ce902254a9168fbe8
                                                                                                                                                                                      • Instruction ID: 606943a49d2bdb80f73a3808c11e92b5843c824cd2be8b0916ede82338cd666e
                                                                                                                                                                                      • Opcode Fuzzy Hash: db489430788d1e196da1e1792d39cd3bda1ee4115f04ec0ce902254a9168fbe8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F01C0319002699FCF05FB64D842ABE777BAF41710F25000DE810AB782DF759E05CB94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006980E0
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006980EA
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0069813B
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0069815B
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00698168
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: Xsr
                                                                                                                                                                                      • API String ID: 55977855-670538815
                                                                                                                                                                                      • Opcode ID: 33ca98c6554a1451fd8099c30ae7cf21fbbb43f70a33dc4a9545a744f1e2ebea
                                                                                                                                                                                      • Instruction ID: 07b22fd5f0b5a4f65fe1aaa5d9dcbba354d89def64ff5ff0739021705ba3f327
                                                                                                                                                                                      • Opcode Fuzzy Hash: 33ca98c6554a1451fd8099c30ae7cf21fbbb43f70a33dc4a9545a744f1e2ebea
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C01C03190026A9FCF05FB64D8466AE777BAF81710F24040DE810AB781CF749E02CB98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00698175
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0069817F
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006981D0
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006981F0
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006981FD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: 0sr
                                                                                                                                                                                      • API String ID: 55977855-1630733991
                                                                                                                                                                                      • Opcode ID: ff17196147436a8a19136c5a5e85773cab2ee7683468709c1fc3efa294438377
                                                                                                                                                                                      • Instruction ID: ffc3ec1aaccb059388c01e18570b09b7436e626595e168247779cf00402f45ba
                                                                                                                                                                                      • Opcode Fuzzy Hash: ff17196147436a8a19136c5a5e85773cab2ee7683468709c1fc3efa294438377
                                                                                                                                                                                      • Instruction Fuzzy Hash: D6018B319001669FCF04FB68D841ABE77ABAF45310F24000DE810AB792CF749E028B98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0069845E
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00698468
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006984B9
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006984D9
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006984E6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: @sr
                                                                                                                                                                                      • API String ID: 55977855-901934839
                                                                                                                                                                                      • Opcode ID: a3da6e8585db4fb46ab35eca86d592ef534b8c7e9b08e9415cd0115c656cd167
                                                                                                                                                                                      • Instruction ID: 99b0a9085c461bd373d40feb8ed6a7bcdf6d841fb09527c574f8d78742e0dd70
                                                                                                                                                                                      • Opcode Fuzzy Hash: a3da6e8585db4fb46ab35eca86d592ef534b8c7e9b08e9415cd0115c656cd167
                                                                                                                                                                                      • Instruction Fuzzy Hash: C201AD3190026A9FCF55FB64C9466AE77ABBF40B10F24040DF811AB782DF749E01CB94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006984F3
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006984FD
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0069854E
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0069856E
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0069857B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: sr
                                                                                                                                                                                      • API String ID: 55977855-2098570711
                                                                                                                                                                                      • Opcode ID: 76145ea61e609f626668a1d0c2d7b0ddf8df91e88fdf3eeae0d501f5da0ecdb8
                                                                                                                                                                                      • Instruction ID: decb5140dff1906e2508bb0936320e9b35246a049295f99160076ed7de413a78
                                                                                                                                                                                      • Opcode Fuzzy Hash: 76145ea61e609f626668a1d0c2d7b0ddf8df91e88fdf3eeae0d501f5da0ecdb8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A01C0319006659FCF44FB64D8416AE77BBBF40310F25440DE811AB791CF749E05CB99
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00698588
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00698592
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006985E3
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00698603
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00698610
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: Dsr
                                                                                                                                                                                      • API String ID: 55977855-852215339
                                                                                                                                                                                      • Opcode ID: 37c464f45cece4eabe75bc3216d599848199c5160dcceb48969ce2877759811d
                                                                                                                                                                                      • Instruction ID: 93f1b3161619db8ffe71c9e423b536dd7faa48dbd288323f7c8f69c8927c7839
                                                                                                                                                                                      • Opcode Fuzzy Hash: 37c464f45cece4eabe75bc3216d599848199c5160dcceb48969ce2877759811d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7501AD319001659FCF44FF64C9426AE77ABAF40720F24040DE810AB782CF749E01CB99
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006986B2
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006986BC
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 0069870D
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0069872D
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0069873A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: dsr
                                                                                                                                                                                      • API String ID: 55977855-176586955
                                                                                                                                                                                      • Opcode ID: 0a25715320995686dc7ec2975efdf584c23b6491a8facb4ca730079ef300f91b
                                                                                                                                                                                      • Instruction ID: e73bed14ebaf7d55b5d93324ed1ea15318de912c901834f99d6fe02a11179ec2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a25715320995686dc7ec2975efdf584c23b6491a8facb4ca730079ef300f91b
                                                                                                                                                                                      • Instruction Fuzzy Hash: C701AD319001699FCF45FBA4D951AAEB7BBBF50320F24000DE810AB781DF749E02CB98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00698747
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00698751
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006987A2
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006987C2
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006987CF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: <sr
                                                                                                                                                                                      • API String ID: 55977855-1747582915
                                                                                                                                                                                      • Opcode ID: 7e64bf32ba161bca4aa6fb357deeec38676cdb23779c7216e0d9dc8ea2e4e88d
                                                                                                                                                                                      • Instruction ID: d6c3112e6c7bf103d14e38d018598883cb6f46593b07675fad3ab47aed8a9977
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e64bf32ba161bca4aa6fb357deeec38676cdb23779c7216e0d9dc8ea2e4e88d
                                                                                                                                                                                      • Instruction Fuzzy Hash: B601AD369002659FCF44FBA4D842AAE776BAF40710F24040DE810AB781DF749E01CB94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006987DC
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006987E6
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00698837
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00698857
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00698864
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID: hsr
                                                                                                                                                                                      • API String ID: 55977855-60586415
                                                                                                                                                                                      • Opcode ID: 9279f53bfd38694687f464f09ffe59ab31f4726af5eac8bb667cabafb3c645c9
                                                                                                                                                                                      • Instruction ID: 400e253a987d1c2409f652b125360fa11eb95d4beba265f01c8ef05027643866
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9279f53bfd38694687f464f09ffe59ab31f4726af5eac8bb667cabafb3c645c9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7601C0319042659FCF44FB64D942AAE77BBBF40714F64440DE811AB781CF749E05CBA8
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88BA
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0072742C,?,?,00644086,0072827C,006E68E0,?), ref: 006A88ED
                                                                                                                                                                                      • RtlWakeAllConditionVariable.NTDLL ref: 006A8964
                                                                                                                                                                                      • SetEvent.KERNEL32(?,00644086,0072827C,006E68E0,?), ref: 006A896E
                                                                                                                                                                                      • ResetEvent.KERNEL32(?,00644086,0072827C,006E68E0,?), ref: 006A897A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                      • String ID: ,tr
                                                                                                                                                                                      • API String ID: 3916383385-995019380
                                                                                                                                                                                      • Opcode ID: 6052350184dc23f2f3f563ec22b5dd7e85afd2368c26a8475e9830b8ceb97055
                                                                                                                                                                                      • Instruction ID: ce57bc6117d8b72e9c410d7e7721cb39b3342444a26047744aced4467e2cd11b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6052350184dc23f2f3f563ec22b5dd7e85afd2368c26a8475e9830b8ceb97055
                                                                                                                                                                                      • Instruction Fuzzy Hash: 510169719056A0DFC718BF28FD888997BAAEB0D711700816AF90197374CB391C12CF99
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?), ref: 006A8128
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006A81B6
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A8228
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006A8242
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A82A5
                                                                                                                                                                                      • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 006A82C2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2984826149-0
                                                                                                                                                                                      • Opcode ID: ded7de92b0d819b035bac048c0ed95080c2916ebd45d3b0113108793c0604798
                                                                                                                                                                                      • Instruction ID: e4b58711669ca2f9a697879326f53e85b4f7b1ab15f77e43d3743985f11b36c9
                                                                                                                                                                                      • Opcode Fuzzy Hash: ded7de92b0d819b035bac048c0ed95080c2916ebd45d3b0113108793c0604798
                                                                                                                                                                                      • Instruction Fuzzy Hash: FB716D7190064AAEDF21AFA4CC41AFE7BBBAF47314F240169E845A7250DF358D45CFA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00696901
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0069696C
                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00696989
                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006969C8
                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00696A27
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00696A4A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                                      • Opcode ID: 7da64f912690f85d82d6869dfb1319cba20b8fe2e0e6d9e6ffd5026d099fdc4d
                                                                                                                                                                                      • Instruction ID: 76d98af9f4f3f4ab712171a004ffa8064e0d6521021c5fccbc2c4c05097312bc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7da64f912690f85d82d6869dfb1319cba20b8fe2e0e6d9e6ffd5026d099fdc4d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0051997290031AAFEF209F64CD45FEA7BAFEB40754F148429F915EA690EB318D50DB60
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 0063E7D7
                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 0063E811
                                                                                                                                                                                      • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 0063E86D
                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 0063E8C7
                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 0063E8DC
                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 0063E917
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2792426717-0
                                                                                                                                                                                      • Opcode ID: 38f2a96d19ab920b97d37c3d0964a2b3d7bb4607bd759d612ef8085d220bf663
                                                                                                                                                                                      • Instruction ID: c4b4ed06b1f85ec022b98ab182724738fe3517de5208cb79b710b8a09faef12d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 38f2a96d19ab920b97d37c3d0964a2b3d7bb4607bd759d612ef8085d220bf663
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A416071D01248EBEF10DF94DD89BDEB7BAEF04714F204129F901A62D0D77A9A44CBA4
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00638D46
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00638D66
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00638D86
                                                                                                                                                                                      • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00638E57
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00638E64
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00638E86
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2966223926-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __freea
                                                                                                                                                                                      • String ID: 3Ak$a/p$am/pm
                                                                                                                                                                                      • API String ID: 240046367-1919609041
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00643435
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00643457
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00643477
                                                                                                                                                                                      • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0064353A
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00643547
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00643569
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2966223926-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 006332E5
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006332F2
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00633340
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00633360
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0063336D
                                                                                                                                                                                      • __Towlower.LIBCPMT ref: 00633388
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2111902878-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00694362
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0069436C
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • codecvt.LIBCPMT ref: 006943A6
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006943BD
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006943DD
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006943EA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2133458128-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A447C
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A4486
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • collate.LIBCPMT ref: 006A44C0
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A44D7
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A44F7
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A4504
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1767075461-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A4511
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A451B
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • messages.LIBCPMT ref: 006A4555
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A456C
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A458C
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A4599
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 958335874-0
                                                                                                                                                                                      • Opcode ID: 72d5af3d7c65b42ca400259e83fdd424de30532f18d96bca7f462d499af9e97a
                                                                                                                                                                                      • Instruction ID: 8543294f50ea37a24f88fb81469764153b56fd19d246cc2e3b99e14285a7f728
                                                                                                                                                                                      • Opcode Fuzzy Hash: 72d5af3d7c65b42ca400259e83fdd424de30532f18d96bca7f462d499af9e97a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8101C0759001659BCB44FB64D9516BE77BBBF85320F24040EF810AB381CFB49E01DB88
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A46D0
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A46DA
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 006A4714
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A472B
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A474B
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A4758
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                      • Opcode ID: f0794c27a12131ad5924392d2a7481288c7576bf5bd4a5b2d8b2ebd152ad6ef5
                                                                                                                                                                                      • Instruction ID: 945898f46bae45a7f395c9ea30d5df31b6d6c63a1a29b05edf85d347f1bfd47d
                                                                                                                                                                                      • Opcode Fuzzy Hash: f0794c27a12131ad5924392d2a7481288c7576bf5bd4a5b2d8b2ebd152ad6ef5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E01C0359001AA9BCF08FB64C945ABE77B7BF81320F25000DE820AB391CFB49E01CB95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A4765
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A476F
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 006A47A9
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A47C0
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A47E0
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A47ED
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3376033448-0
                                                                                                                                                                                      • Opcode ID: f9184d89f5343528274a9ef554be07ed7999a069c5d98f8502cae44e8b8f2879
                                                                                                                                                                                      • Instruction ID: af99c7eaa0cece7b78ea1119ee11f2d2644382e6d4d9bd2d598d2c19de244ac0
                                                                                                                                                                                      • Opcode Fuzzy Hash: f9184d89f5343528274a9ef554be07ed7999a069c5d98f8502cae44e8b8f2879
                                                                                                                                                                                      • Instruction Fuzzy Hash: BF01AD359001669BCB04FB64D945AAE77A7BF91724F24010DE811AB391CFB49E01CB89
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0065C546
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0065C54B
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0065C550
                                                                                                                                                                                        • Part of subcall function 006AE960: _free.LIBCMT ref: 006AE973
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                      • API String ID: 149343396-2658103896
                                                                                                                                                                                      • Opcode ID: 58ca85bff434ffd281c4dfeaddc779bda4a2390aacb1777c07859d5f03aee5a4
                                                                                                                                                                                      • Instruction ID: 2d2425e50b97d0660db094ae9f9f559501465273df4f83b9657e53600379f95f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 58ca85bff434ffd281c4dfeaddc779bda4a2390aacb1777c07859d5f03aee5a4
                                                                                                                                                                                      • Instruction Fuzzy Hash: B84168B5900341AFCB20EF64D851BAABBF6EF06310F08855DEC459B742D776E909CBA1
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,006AD278,?,?,007277FC,00000000,?,006AD3A3,00000004,InitializeCriticalSectionEx,0070013C,00700144,00000000), ref: 006AD247
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                      • API String ID: 3664257935-2084034818
                                                                                                                                                                                      • Opcode ID: 7b69e62068620ae0167ee77143e6b1ace541094ad592fd2e8133d6b349a7a616
                                                                                                                                                                                      • Instruction ID: b5d523fb539305f76fb819de772f8c549dbbe3abb81e18d9c351936bdfe1f108
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b69e62068620ae0167ee77143e6b1ace541094ad592fd2e8133d6b349a7a616
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A11CA31A41221ABDB216B689C44B9977A6AF03770F150250FE02EB7C0D770EE01CED1
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0065E172
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0065E182
                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 0065E1C2
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                      • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                      • API String ID: 588496660-2191092095
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00681210
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0068121A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • WriteFile failed: %d, xrefs: 00681221
                                                                                                                                                                                      • NWebAdvisor::CCabParser::Write, xrefs: 00681228
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 0068122D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                      • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                      • API String ID: 442123175-2264278858
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32), ref: 006608A9
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 006608C0
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?), ref: 006608D7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                      • String ID: IsWow64Process$kernel32
                                                                                                                                                                                      • API String ID: 4190356694-3789238822
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,006BE935,?,?,006BE8FD,00000002,00000002,?), ref: 006BE955
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006BE968
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,006BE935,?,?,006BE8FD,00000002,00000002,?), ref: 006BE98B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SleepConditionVariableCS.KERNELBASE(?,006A891F,00000064), ref: 006A89A5
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0072742C,00641171,?,006A891F,00000064,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A89AF
                                                                                                                                                                                      • WaitForSingleObjectEx.KERNEL32(00641171,00000000,?,006A891F,00000064,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A89C0
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0072742C,?,006A891F,00000064,?,?,?,0064402B,0072827C,AC3C8B06,?,00641171,?), ref: 006A89C7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                      • String ID: ,tr
                                                                                                                                                                                      • API String ID: 3269011525-995019380
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006C2174: RtlAllocateHeap.NTDLL(00000000,?,?,?,006A872D,?,?,0063A1ED,0000002C,AC3C8B06), ref: 006C21A6
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0501
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0518
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0535
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0550
                                                                                                                                                                                      • _free.LIBCMT ref: 006C0567
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$AllocateHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3033488037-0
                                                                                                                                                                                      • Opcode ID: 14918e607c3f737608c1f30395221a25e5258abf2fb66020c933258638fb3198
                                                                                                                                                                                      • Instruction ID: 4827962b41cdea5194ee926c88fe6e430ed9a467fae9b74fe4334e57e7a107cc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 14918e607c3f737608c1f30395221a25e5258abf2fb66020c933258638fb3198
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B519D71A00705EFEB209F29C941FBA77F6EF48724B54466DE90AD7290E731EA01CB44
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006943F7
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00694401
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00694452
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00694472
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0069447F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                      • Opcode ID: a46a7524720e1fc1fcb0cc6e6b16420acf0a5ec5f127289d7aa204559c2bd7c6
                                                                                                                                                                                      • Instruction ID: 555bb4b7c985a64ac7df58245b60451de8a701278fd36009486e61dd78370ac5
                                                                                                                                                                                      • Opcode Fuzzy Hash: a46a7524720e1fc1fcb0cc6e6b16420acf0a5ec5f127289d7aa204559c2bd7c6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 491193319052299BCF54FB989841BAEB7ABEF44B10F14401DF904AB791DF749E06CB98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2020259771-0
                                                                                                                                                                                      • Opcode ID: 6e1084cfe4e3823e14b7a2481ee1f8a2e3ad3d7a7599b74602e16da96c6a594f
                                                                                                                                                                                      • Instruction ID: 0f499c0897a3744e5541015249b91ad96af623863c30daf876d1251daea8e488
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e1084cfe4e3823e14b7a2481ee1f8a2e3ad3d7a7599b74602e16da96c6a594f
                                                                                                                                                                                      • Instruction Fuzzy Hash: AD119EB1618744BBEB20DBA48881F12B7EDEF08310F04491AF285CFE40E665FD5487A9
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A45A6
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A45B0
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A4601
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A4621
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A462E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                      • Opcode ID: fa9bd98ae7e96baae4910d8237f7348527e1fed8eedf3a4607e58f946b371b6d
                                                                                                                                                                                      • Instruction ID: 0373d0298b616dc9b931671ec7aa2207f2a1ac54f45c96c60dbc24ad0f7ca234
                                                                                                                                                                                      • Opcode Fuzzy Hash: fa9bd98ae7e96baae4910d8237f7348527e1fed8eedf3a4607e58f946b371b6d
                                                                                                                                                                                      • Instruction Fuzzy Hash: DC018035D002699BCB45FB64D996AAE7777AF81710F24000DE810AB391DFB49E01CB98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A463B
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A4645
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A4696
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A46B6
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A46C3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                      • Opcode ID: e9a4cdf1f1955d2467988c1efbbd90a480e99f6d6b2716a95b36c43a61ba3fe6
                                                                                                                                                                                      • Instruction ID: abcc20036d6cbca2d5c4b62dc7699eba37c74f130e77e314742e0f0e6e4b82b8
                                                                                                                                                                                      • Opcode Fuzzy Hash: e9a4cdf1f1955d2467988c1efbbd90a480e99f6d6b2716a95b36c43a61ba3fe6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A01AD319001659BCB05FB64D951AAE77A7AF81310F24000DE810AB392CFB49E01CF98
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A47FA
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A4804
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A4855
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A4875
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A4882
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                      • Opcode ID: 4a78eab8976a3663ba5d9c59794649ce0c038d5432bbe43b9cb00f341c95df7e
                                                                                                                                                                                      • Instruction ID: 48ad81b50570ca4596d003404561012c8f49c63046f22759727f877aa66d6b89
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a78eab8976a3663ba5d9c59794649ce0c038d5432bbe43b9cb00f341c95df7e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F01C4319002659BCF48FB64D852AAE7777BF80710F24000DE8106B381CFB4DE01CB85
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 006A488F
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006A4899
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::_Lockit.LIBCPMT ref: 00632D30
                                                                                                                                                                                        • Part of subcall function 00632D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00632D4C
                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 006A48EA
                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 006A490A
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006A4917
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 55977855-0
                                                                                                                                                                                      • Opcode ID: 607fb9a9d5da0026b67826d7420a7f87a9302e825725182c1bb40734061a56a7
                                                                                                                                                                                      • Instruction ID: 834d5133afbb9eace48f5d017de0136bd604d0bb79a2171341beaa33d791b38f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 607fb9a9d5da0026b67826d7420a7f87a9302e825725182c1bb40734061a56a7
                                                                                                                                                                                      • Instruction Fuzzy Hash: DA01AD3190016A9BCF44FBA4D841AAE77A7AF80320F24010DE810AB381CFB49E05CB99
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _free.LIBCMT ref: 006CB49F
                                                                                                                                                                                        • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                        • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                      • _free.LIBCMT ref: 006CB4B1
                                                                                                                                                                                      • _free.LIBCMT ref: 006CB4C3
                                                                                                                                                                                      • _free.LIBCMT ref: 006CB4D5
                                                                                                                                                                                      • _free.LIBCMT ref: 006CB4E7
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                      • Opcode ID: 553b6b0d6d8e6e924f66661470da5603a70ab7a963364c681bafbf32887c4186
                                                                                                                                                                                      • Instruction ID: a1aab3c0af21e06cec56cb7b6a7ad89db5a3523feddf9c7257b63b5d9a69f460
                                                                                                                                                                                      • Opcode Fuzzy Hash: 553b6b0d6d8e6e924f66661470da5603a70ab7a963364c681bafbf32887c4186
                                                                                                                                                                                      • Instruction Fuzzy Hash: ECF0FF32608614AB8674EB68F996EAA73DEFA00710B94D81EF449D7685C724FC808A58
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • CloseHandle failed: %d, xrefs: 00680737
                                                                                                                                                                                      • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00680743
                                                                                                                                                                                      • NWebAdvisor::CCabParser::Close, xrefs: 0068073E
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                      • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                      • API String ID: 918212764-1823807987
                                                                                                                                                                                      • Opcode ID: 80c8ae042380212490c3842f501733bb1188d32905113efe9985942807c11ff2
                                                                                                                                                                                      • Instruction ID: a158b2ea50d2576269f19b9739c19c4d1443cf6d9ab6bde2a2d8b584580b858a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 80c8ae042380212490c3842f501733bb1188d32905113efe9985942807c11ff2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FD05B313807146EF7602B68EC0AFB63657DF01714F110B1CB715D51E1D6E3A8514765
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 006952F3
                                                                                                                                                                                        • Part of subcall function 0065BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0065BE2F
                                                                                                                                                                                        • Part of subcall function 0065BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0065BE51
                                                                                                                                                                                        • Part of subcall function 0065BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0065BE71
                                                                                                                                                                                        • Part of subcall function 0065BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0065BFFC
                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 006954EF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                      • String ID: 0123456789ABCDEFabcdef-+Xx$l8]i
                                                                                                                                                                                      • API String ID: 3042121994-3628426331
                                                                                                                                                                                      • Opcode ID: f6820ed193dc165315f3337872cf3e588368d1b1bd07eaf02c141f599af59018
                                                                                                                                                                                      • Instruction ID: 22c8ec76a4d0d06c2a8901921670270efc915a766f58df43e1bf8c641f2e5ccd
                                                                                                                                                                                      • Opcode Fuzzy Hash: f6820ed193dc165315f3337872cf3e588368d1b1bd07eaf02c141f599af59018
                                                                                                                                                                                      • Instruction Fuzzy Hash: 03C18D30E046888ADF62DFA4C590AECBBBBAF55300F684059D8866B783DB309D46CB54
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: \\?\
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0063B64C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 006D46E4
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006D4728
                                                                                                                                                                                      • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 006D4768
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                                      • String ID: MCRG
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00693D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,006404D5,?,?,AC3C8B06), ref: 00693DAE
                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 006405CC
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 006405F6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                                      • String ID: generic$unknown error
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\is-RB179.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: H_prolog3_
                                                                                                                                                                                      • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 006A2F57
                                                                                                                                                                                        • Part of subcall function 00697DF0: __EH_prolog3.LIBCMT ref: 00697DF7
                                                                                                                                                                                        • Part of subcall function 00697DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00697E01
                                                                                                                                                                                        • Part of subcall function 00697DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00697E72
                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 006A2FF3
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                      • String ID: %.0Lf$0123456789-
                                                                                                                                                                                      • API String ID: 2544715827-3094241602
                                                                                                                                                                                      • Opcode ID: 0458dd2a5567db3625389bc05ce304dbd443d2faa0cdbce76a29763a372f9e67
                                                                                                                                                                                      • Instruction ID: 388c859b532d8d7505f1530263694b919d33ce4af4b28e3bbc4902b7e9a191f2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0458dd2a5567db3625389bc05ce304dbd443d2faa0cdbce76a29763a372f9e67
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D414A31900219DFCF55EFA8C980AEDBBB6BF06314F100159F911AB255DB309E56CFA5
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 006A3207
                                                                                                                                                                                        • Part of subcall function 006332DE: __EH_prolog3_GS.LIBCMT ref: 006332E5
                                                                                                                                                                                        • Part of subcall function 006332DE: std::_Lockit::_Lockit.LIBCPMT ref: 006332F2
                                                                                                                                                                                        • Part of subcall function 006332DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00633360
                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 006A32A3
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                      • String ID: 0123456789-$0123456789-
                                                                                                                                                                                      • API String ID: 3328206922-2494171821
                                                                                                                                                                                      • Opcode ID: baa281e253cad4cc701c2c70525c61cc11796c422c50f3be166bae43a54d6260
                                                                                                                                                                                      • Instruction ID: c1cafa6e8087d1a47ab5acb588fcb6d170ff1e366fb7b51e3f87ac3ae792be7a
                                                                                                                                                                                      • Opcode Fuzzy Hash: baa281e253cad4cc701c2c70525c61cc11796c422c50f3be166bae43a54d6260
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A413B71900218DFCF45EFA4C885AEDBBB6BF09310F100159F911AB255DB309E56CF95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 006A7477
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C995
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::_Lockit.LIBCPMT ref: 0065C9B7
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065C9D7
                                                                                                                                                                                        • Part of subcall function 0065C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0065CAB1
                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 006A7511
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                      • String ID: 0123456789-$0123456789-
                                                                                                                                                                                      • API String ID: 3042121994-2494171821
                                                                                                                                                                                      • Opcode ID: b9980f583b1b777a46e3c5288db6b2d3b417b35f678e86c68c08dbf820a826d5
                                                                                                                                                                                      • Instruction ID: ff18a581682cbcc85ac63b9d31d6f944222b32899f013801cfedbe02eb28e753
                                                                                                                                                                                      • Opcode Fuzzy Hash: b9980f583b1b777a46e3c5288db6b2d3b417b35f678e86c68c08dbf820a826d5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 18413931900209DFCF05EFA8D881AEEBBB6FF05310F100099E911AB252DB359E56CF95
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00654B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0065521E
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                      • String ID: Failed to add event category ($V
                                                                                                                                                                                      • API String ID: 2287862619-1647955383
                                                                                                                                                                                      • Opcode ID: c394f71d05e6d382909fb5bc8d4cdd5a49234090f2c137a3274fe59cbb10f565
                                                                                                                                                                                      • Instruction ID: f2cdf8d87d128ebff94e0770e0ca0997a560325d22165dfd868b95c55e5b93d2
                                                                                                                                                                                      • Opcode Fuzzy Hash: c394f71d05e6d382909fb5bc8d4cdd5a49234090f2c137a3274fe59cbb10f565
                                                                                                                                                                                      • Instruction Fuzzy Hash: CD31A070914248CFDF44EF60D855BDE7BB6EF55304F5040ADE8061B282EB79AA08CFA6
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,AC3C8B06,?,?), ref: 0064A531
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 0064A7EC
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064A989
                                                                                                                                                                                        • Part of subcall function 0064F110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0064F268
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Unexpected return value: , xrefs: 0064A8CC
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                      • String ID: Unexpected return value:
                                                                                                                                                                                      • API String ID: 1703231451-3613193034
                                                                                                                                                                                      • Opcode ID: f8a7f628ff24554eb23af5e65139eb8b367273cf13250672b8effad1387fbda3
                                                                                                                                                                                      • Instruction ID: 2c7b24d1014bd34a9ac698603ce2b2010c4937aeca9189302c5f11e0f7fbd67e
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8a7f628ff24554eb23af5e65139eb8b367273cf13250672b8effad1387fbda3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9221BF70941208EBDF18DFE4CD89AECB73BAF45310F1042A8E111AB2D5DB309A85CE56
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceBeginInitialize.KERNEL32(007280C4,00000000,AC3C8B06,00000000,AC3C8B06,0063A219,007280CC,?,?,?,?,?,?,0063A219,?,?), ref: 00639BE5
                                                                                                                                                                                        • Part of subcall function 00639BB0: InitOnceComplete.KERNEL32(007280C4,00000000,00000000), ref: 00639C1D
                                                                                                                                                                                        • Part of subcall function 00639940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00639A12
                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00647D3D
                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00647DC8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                      • String ID: P$Service has not been initialized
                                                                                                                                                                                      • API String ID: 920826028-2917841385
                                                                                                                                                                                      • Opcode ID: 880a4197cd50a04443698b2bfaca2d7cb943603ecbcbc784143650f6c5baa502
                                                                                                                                                                                      • Instruction ID: 0abca230155b3b74d04ea6be7fb62747210a97570527738ae9652ac16b096266
                                                                                                                                                                                      • Opcode Fuzzy Hash: 880a4197cd50a04443698b2bfaca2d7cb943603ecbcbc784143650f6c5baa502
                                                                                                                                                                                      • Instruction Fuzzy Hash: F7018471A14248CFDF44EFA0D452BEDB7B6EF55300F50806DE90257281EB79A60CCEA9
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00633095
                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 006330A2
                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006330DF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                      • API String ID: 4089677319-1405518554
                                                                                                                                                                                      • Opcode ID: 97420e11770864f3da9b4eeffc838fa7ce2fca98476a7d5209a5434b9e476fbd
                                                                                                                                                                                      • Instruction ID: 6d8ec4dd1c9694d22651625a75e24362de756b16df106bac452faad15bc939b7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 97420e11770864f3da9b4eeffc838fa7ce2fca98476a7d5209a5434b9e476fbd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 55014F70805B80DEC720AF69848114AFEE1BF29700B508A2EE08983B41CB30A604CB9D
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _strrchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3213747228-0
                                                                                                                                                                                      • Opcode ID: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                                      • Instruction ID: 3959643cfd00ca0929db1370f9d1e316518c131f2460aa7fe98436be01651009
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                                      • Instruction Fuzzy Hash: 74B1F0729042869FDB15CF28C8A1BFEBBA6EF55340F2481AEEC459B341D6349D42CB64
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0063463F: GetProcessHeap.KERNEL32(?,?,?,0065C2E1,?,?,?,AC3C8B06,?,00000000), ref: 00634676
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2BF4
                                                                                                                                                                                        • Part of subcall function 006575F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657628
                                                                                                                                                                                        • Part of subcall function 006575F0: LoadResource.KERNEL32(00000000,00000000,?,00000000,00000002,00000000), ref: 00657636
                                                                                                                                                                                        • Part of subcall function 006575F0: LockResource.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 00657641
                                                                                                                                                                                        • Part of subcall function 006575F0: SizeofResource.KERNEL32(00000000,00000000,?,00000000,00000002,00000000), ref: 0065764F
                                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,?,00000006), ref: 006D2B74
                                                                                                                                                                                        • Part of subcall function 00657580: LoadResource.KERNEL32(00000101,00000101,00000000,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657589
                                                                                                                                                                                        • Part of subcall function 00657580: LockResource.KERNEL32(-00000075,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657594
                                                                                                                                                                                        • Part of subcall function 00657580: SizeofResource.KERNEL32(00000101,00000101,?,00000000,00000002,00000000), ref: 006575A8
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 006D2BAB
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2C2E
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2838002939-0
                                                                                                                                                                                      • Opcode ID: 8c1b744fe42832c2709c694dd5878a7ab9f3d8d2dd8606f01c7675c2378cd496
                                                                                                                                                                                      • Instruction ID: d9496133348701c06f79a1da08a78d128a084e9f52caf473712d14b0d9d6acc2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c1b744fe42832c2709c694dd5878a7ab9f3d8d2dd8606f01c7675c2378cd496
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6451BF30600642AFE7248F18CCA9F6AB7EAEF64714F20465EF5019B3D0EBB5AC40CB54
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                                                                      • Opcode ID: d85f8c9663025933cc10365113afc93c3502c06867aa6bfeba2a4888cb02f9b7
                                                                                                                                                                                      • Instruction ID: b9ec7e0aa3999562a28c13d9862b0b2d0921c3c3865e4bad61fd8af7f7392378
                                                                                                                                                                                      • Opcode Fuzzy Hash: d85f8c9663025933cc10365113afc93c3502c06867aa6bfeba2a4888cb02f9b7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2051D3B2640206EFDB29BF98C841BBA77A6FF06724F14452EE81557292D731ED81CF90
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 9c53bbb95ef95fa68427803bb1a618b7237c452baf924f1a3e2923b7b6324af6
                                                                                                                                                                                      • Instruction ID: 42e2314117ea2e4d5986b127b7063850226b3a8d537f8b8ea0d47b878e1b84bd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c53bbb95ef95fa68427803bb1a618b7237c452baf924f1a3e2923b7b6324af6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A41C8B1A00714BFD724AF78C841FBABBA6EF85710F10852EE112DB781D671DA418794
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0065EBCB
                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0065EC28
                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 0065EC4F
                                                                                                                                                                                        • Part of subcall function 0065EBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0065EC7E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseEnumOpenSecurity
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 611561417-0
                                                                                                                                                                                      • Opcode ID: a263a60e3c400aa9facdff2155b4dc5774f7faac26b863aa7c48a77a848247d8
                                                                                                                                                                                      • Instruction ID: 7db97b8dc5f054d5cd99f7272bd362b49dd98d8ab7f20ac57c8d53e9b0ba04da
                                                                                                                                                                                      • Opcode Fuzzy Hash: a263a60e3c400aa9facdff2155b4dc5774f7faac26b863aa7c48a77a848247d8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C31A272A0031CABDF209F54DD49FEAB3BAEB08701F0005A9FD15A7291DA719E54CF50
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: c25ac4a0e103be319108a8fa0419cb531c1e0e642bc0d39be6eb605e026e9bd9
                                                                                                                                                                                      • Instruction ID: 3d4fd64cea47ef2a720771b6d2a384c5cefe70df1050d84d1975bb8e67b57be1
                                                                                                                                                                                      • Opcode Fuzzy Hash: c25ac4a0e103be319108a8fa0419cb531c1e0e642bc0d39be6eb605e026e9bd9
                                                                                                                                                                                      • Instruction Fuzzy Hash: E921A1F1644205AFEB20AF69CC81DFB77AFEF053687204518F42597291D732EC9187A0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006A987E: EnterCriticalSection.KERNEL32(007277A0,?,00000101,?,006586A7,00000000,?,00000101,?,00000000,?,?,0065C338,-00000010), ref: 006A9889
                                                                                                                                                                                        • Part of subcall function 006A987E: LeaveCriticalSection.KERNEL32(007277A0,?,006586A7,00000000,?,00000101,?,00000000,?,?,0065C338,-00000010,?,?,?,AC3C8B06), ref: 006A98B5
                                                                                                                                                                                      • FindResourceExW.KERNEL32(00000000,00000006,00000000,00000000,80070057,8007000E,80004005,00658806,00000000,?,00000000,00000002,00000000), ref: 00657628
                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,00000000,00000002,00000000), ref: 00657636
                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 00657641
                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00000000,00000002,00000000), ref: 0065764F
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 529824247-0
                                                                                                                                                                                      • Opcode ID: 07adc338b7f75d50f9bfced4c32344a3a2a52156dd8acfe5db1e726ca9620150
                                                                                                                                                                                      • Instruction ID: 530e304fa259b31b229944fc33ddd6df1892e552976d6cb7820b801bd2f5f39f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 07adc338b7f75d50f9bfced4c32344a3a2a52156dd8acfe5db1e726ca9620150
                                                                                                                                                                                      • Instruction Fuzzy Hash: 55110231508B225BD7355F2CAC84A7B76ABEB91782F100D2CFC9287350EB69DC18C764
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WriteConsoleW.KERNEL32(0066860A,AC3C8B06,0071C218,00000000,0066860A,?,006CF9C7,0066860A,00000001,0066860A,0066860A,?,006C5B42,00000000,?,0066860A), ref: 006D165E
                                                                                                                                                                                      • GetLastError.KERNEL32(?,006CF9C7,0066860A,00000001,0066860A,0066860A,?,006C5B42,00000000,?,0066860A,00000000,0066860A,?,006C6096,0066860A), ref: 006D166A
                                                                                                                                                                                        • Part of subcall function 006D1630: CloseHandle.KERNEL32(FFFFFFFE,006D167A,?,006CF9C7,0066860A,00000001,0066860A,0066860A,?,006C5B42,00000000,?,0066860A,00000000,0066860A), ref: 006D1640
                                                                                                                                                                                      • ___initconout.LIBCMT ref: 006D167A
                                                                                                                                                                                        • Part of subcall function 006D15F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,006D161F,006CF9B4,0066860A,?,006C5B42,00000000,?,0066860A,00000000), ref: 006D1603
                                                                                                                                                                                      • WriteConsoleW.KERNEL32(0066860A,AC3C8B06,0071C218,00000000,?,006CF9C7,0066860A,00000001,0066860A,0066860A,?,006C5B42,00000000,?,0066860A,00000000), ref: 006D168F
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2744216297-0
                                                                                                                                                                                      • Opcode ID: e934e8843674aebee6e03af3309f259150bf3295fb4d3862e5f035343f02bdc7
                                                                                                                                                                                      • Instruction ID: c48d0ea5ca5de50e8c267daaa8a46fa09a3b43d58830d1fa0f17ba4f9faac30b
                                                                                                                                                                                      • Opcode Fuzzy Hash: e934e8843674aebee6e03af3309f259150bf3295fb4d3862e5f035343f02bdc7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EF01C36801154BBCF321FD1DC05A9A3F27FB4A3A0F088015FA1989220C672C9209F94
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _free.LIBCMT ref: 006BF549
                                                                                                                                                                                        • Part of subcall function 006C2098: RtlFreeHeap.NTDLL(00000000,00000000,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?), ref: 006C20AE
                                                                                                                                                                                        • Part of subcall function 006C2098: GetLastError.KERNEL32(?,?,006CB729,?,00000000,?,?,?,006CB9CC,?,00000007,?,?,006CBDD6,?,?), ref: 006C20C0
                                                                                                                                                                                      • _free.LIBCMT ref: 006BF55C
                                                                                                                                                                                      • _free.LIBCMT ref: 006BF56D
                                                                                                                                                                                      • _free.LIBCMT ref: 006BF57E
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                      • Opcode ID: 79cc3d03c355e159284820a8f9fbe071c2deb864829a978237d9c36f1a064ee2
                                                                                                                                                                                      • Instruction ID: f1d68be0d7ec830385f720bf7eeaae8b81e83b76fb3f383069370b16114f6a9f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 79cc3d03c355e159284820a8f9fbe071c2deb864829a978237d9c36f1a064ee2
                                                                                                                                                                                      • Instruction Fuzzy Hash: DCE046708856609A86B23F30BD01A293B2AF714710344800FF80822331CF3F01AFDBAE
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006D2AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 006D2B74
                                                                                                                                                                                        • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 006D2BAB
                                                                                                                                                                                        • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2C2E
                                                                                                                                                                                      • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 006D453C
                                                                                                                                                                                      • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 006D4598
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                                      • String ID: MCRG
                                                                                                                                                                                      • API String ID: 2178413835-1523812224
                                                                                                                                                                                      • Opcode ID: 84a172b3d98cafeb01cb35a8e2943c53f80f9d6413f302d1211b9313865a9190
                                                                                                                                                                                      • Instruction ID: adb76dd11ba7d6ec15f698be2300e76aeb2cb215ca4ad6e1652ccc9db07ebfca
                                                                                                                                                                                      • Opcode Fuzzy Hash: 84a172b3d98cafeb01cb35a8e2943c53f80f9d6413f302d1211b9313865a9190
                                                                                                                                                                                      • Instruction Fuzzy Hash: 66616A71901248EFDB01DFA8D844B9EFBB6EF49320F14825AF815AB3A1DB759D05CB90
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00657362
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00657367
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID: 'me
                                                                                                                                                                                      • API String ID: 118556049-801638730
                                                                                                                                                                                      • Opcode ID: cd9541b2bbc328c21a20bed2f576839be06b2c2d9f79b866db4f03d1a1b15e20
                                                                                                                                                                                      • Instruction ID: 23f93b644f9b866430e3225113c95ed525d488fde911808e69dd451470f3c95f
                                                                                                                                                                                      • Opcode Fuzzy Hash: cd9541b2bbc328c21a20bed2f576839be06b2c2d9f79b866db4f03d1a1b15e20
                                                                                                                                                                                      • Instruction Fuzzy Hash: C651B2B19046058FDB28DF28D94176EB7F7EF48310F10062EE85697791DB31EA48CB95
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 006AC707
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: EncodePointer
                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                      • API String ID: 2118026453-2084237596
                                                                                                                                                                                      • Opcode ID: 8a533636b8ea97cef4fd6d9760858351f2735d206b86d21210d72c976079d972
                                                                                                                                                                                      • Instruction ID: 9b8f64923fddfe8271d2f329f71c11cf92195377677d3c647faedb5f277816ed
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a533636b8ea97cef4fd6d9760858351f2735d206b86d21210d72c976079d972
                                                                                                                                                                                      • Instruction Fuzzy Hash: 31411671900209AFCF16EF98CD81AEEBBB6BF4A310F188199F91467256D3359D50DF90
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                      • String ID: P|r$T|r
                                                                                                                                                                                      • API String ID: 269201875-942657587
                                                                                                                                                                                      • Opcode ID: 0e2b859145d24cc4fe56e6bc6e640f316c3ce417a7d1cb529ec670ad96e15692
                                                                                                                                                                                      • Instruction ID: 2f3ec64255727095f08c268ff26817e4a6a8a6026eb2247d89f2cfe638111108
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e2b859145d24cc4fe56e6bc6e640f316c3ce417a7d1cb529ec670ad96e15692
                                                                                                                                                                                      • Instruction Fuzzy Hash: 891103711043039BD7649F29D891FB2B7E9EB08364B20442EF899D7242E771E880C794
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006A904B
                                                                                                                                                                                      • ___raise_securityfailure.LIBCMT ref: 006A9133
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                      • String ID: Xtr
                                                                                                                                                                                      • API String ID: 3761405300-1756760824
                                                                                                                                                                                      • Opcode ID: da779676ad08c82a61e621714aa38437a62363543b790163b155c0588f82b001
                                                                                                                                                                                      • Instruction ID: 9d5611eaa2902c8e02ef952e257df81fa5e3fa5ecfe4d525258ce9538140755b
                                                                                                                                                                                      • Opcode Fuzzy Hash: da779676ad08c82a61e621714aa38437a62363543b790163b155c0588f82b001
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8121C6B4509344DED728DF1AFE96650BBA4BB19314F60D06EE508CB3B0E3785992CF58
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006D2AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 006D2B74
                                                                                                                                                                                        • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 006D2BAB
                                                                                                                                                                                        • Part of subcall function 006D2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,006DFB28,000000FF), ref: 006D2C2E
                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,?,00000100,%`m,?,00000000,?,?,?,006D6025,?,00000100,00000000,00000100), ref: 006D62BB
                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,%`m,00000100,00000000,00000100), ref: 006D62F9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_620000_saBSI.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiQueryValueWide$FindResource
                                                                                                                                                                                      • String ID: %`m
                                                                                                                                                                                      • API String ID: 3794624133-2537106267
                                                                                                                                                                                      • Opcode ID: 0269687df831226cc3cb690ff138ab90370813d013a934d2444fe82f7c472209
                                                                                                                                                                                      • Instruction ID: c2eb36d07a07c062cebf2349bb491a774bfd4a717458246ab5b95f65fe648750
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0269687df831226cc3cb690ff138ab90370813d013a934d2444fe82f7c472209
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E119131500209BFDB119F58CC45E9ABBA6FF49360F148165FC189B2A1E7729D60DF90
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CLSIDFromString.OLE32(0000007B,?), ref: 0065E650
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      • Associated: 00000005.00000002.2928564625.0000000000620000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2931326809.00000000006EE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932252956.000000000071F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2932843540.0000000000724000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933401174.0000000000726000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      • Associated: 00000005.00000002.2933996528.0000000000729000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FromString
                                                                                                                                                                                      • String ID: @${
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 006CACE1: EnterCriticalSection.KERNEL32(?,?,006CF56B,?,0071C6E0,00000010,006C4ED0,00000000,05D1745D,00000004,00000000,00000016,?,00000003), ref: 006CACFC
                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(00000000,0071C518,0000000C,006C5755,JOk,?,00000003,00000003,006B4F4A,?,00000003), ref: 006C5697
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006C56A8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffersCriticalEnterErrorFileFlushLastSection
                                                                                                                                                                                      • String ID: JOk
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006A9151
                                                                                                                                                                                      • ___raise_securityfailure.LIBCMT ref: 006A920E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                      • String ID: Xtr
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00692743
                                                                                                                                                                                        • Part of subcall function 006926D0: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00692748,006928F1), ref: 006926E7
                                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(?,006928F1), ref: 00692760
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000005.00000002.2929439096.0000000000621000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Lock$AcquireDloadExclusiveFunctionHandleModulePointers
                                                                                                                                                                                      • String ID: 8or